Tenable split detections

Lacey L
Tera Expert

Do the split Tenable detections using proof still work without port granularity turned on? See this article: Split Tenable detections based on the vulnerability instance to split vulnerable items. It isn't mandatory to select port granularity in order to add proof, but it is listed in the instructions above. We do not want port granularity because it would be too granular, but we want to use proof to separate out multi-file-path VITs.

2 REPLIES

Terry23
ServiceNow Employee

Great question! Yes, the Split Tenable Detections will still work without Include port as Active. As displayed, this option allows for potentially more than one VIT being created per CI.

wosiek
Tera Contributor

My use case: Instead of 130+ (yes, there are that many on some of these servers...) paths being grouped under a single Detection record, break those paths out into individual VITs. 1 VIT now becomes 130 -- more load on the table, but easier for remediation teams to track what paths have been dealt with, as the current blob of text in the Detection record is nearly impossible to synthesize.

It would be fantastic if the split detections chewed through all the paths and created unique VITs without having to create detection keys for each Tenable plugin. Is that the expected behavior, or are the specific detection keys necessary?