Vulnerability Management: reapply CI Lookup rules after order change?

stevemac
Tera Guru

Hi,

 

Have run into some issues with CI matching for Vulnerable Items sourced from tenable.sc.   The records in question used MAC address matching and that returned incorrect CI as the MAC address is related to network adaptor records for multiple devices (turns out there are several dongles our client build team use as laptops no longer ship with an ethernet port).

 

If I update the CI Matching rule to exclude these MAC Addresses and re-run the process it works OK.  The discovered item record ends up using a different CI matching rule and is updated to the correct CI and the Detection records are related to the appropriate Vulnerable item record.

 

If I just change the order of the records and then select the Discovered Item record and the option to reapply CI lookup rules then it does not appear to be working

 

Is anyone able to confirm that it should reprocess the CI Lookup rules in order and match on an earlier rule?

 

thanks,

 

Steve

0 REPLIES 0