Create unique configuration items (CIs) for assets in your environment that share IP addresses. Identify the distinct assets across your environment and automatically update the CIs on your existing discovered item, vulnerable item, and detection records to give you more details about your vulnerabilities.

Before you begin

Role required: admin

About this task

By default in the Vulnerability Response application, one way to identify your assets is by IP address. In certain cases, assets can share IP addresses, but they are stored as one CI in your CMDB.

For example, as shown in the following tables, multiple assets (CIs) in your environment can share IP addresses but have unique network and repository IDs. However, by default, these assets are typically identified and stored as a single CI (CI 1) during the IP address lookup.

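Table 1. Default IP lookup and CI creation

| Source | IP address | Network_id | Configuration item |
|---|---|---|---|
| Tenable.io: Assets and Fixed and Open Vulnerabilities Integrations | 123.12.12.141 | 03712 | CI 1 |
| Tenable.io: Assets and Fixed and Open Vulnerabilities Integrations | 123.12.12.141 | 03713 | CI 1 |

| Source | IP address | Repository_id | Configuration item |
|---|---|---|---|
| Tenable.sc: Assets and Fixed and Open Vulnerabilities Integrations | 123.12.12.141 | 12 | CI 1 |
| Tenable.sc: Assets and Fixed and Open Vulnerabilities Integrations | 123.12.12.141 | 13 | CI 1 |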

You can create individual CIs for assets that have the same IP address so that you can identify them as distinct assets. Starting from a fresh data import, you can update your existing CIs with more granularity that includes the network partition identifier [network_partition_identifier] by running the scheduled job, Update existing discovered items with network partition identifier.

This scheduled job is deactivated by default. Activate this feature for the Assets and Fixed and Open Vulnerabilities Integrations for the Tenable.io and Tenable.sc products in the Setup Assistant to view this identifier on your records.

When activated, this scheduled job adds the Network Partition Identifier [network_partition_identifier] to existing CI records from imported data. Existing CIs created by the IRE are also updated. The scheduled job also creates CIs that include the network partition identifier starting with the next import. Alternatively, you can launch the job on-demand to update your existing data.

When you upgrade starting with v14.0 of Vulnerability Response and v2.2 of the Tenable Vulnerability Integration, the CMDB CI Class Models (1.0.21.) is supported. The class models have the network partition identifier [network_partition_identifier] in the Identification and Reconciliation (IRE) identification rules.

Table 2.

| Option | Description |
|---|---|
| Run the scheduled jobs on-demand. | Update your existing discovered items. CIs for your existing Tenable data are created or updated to include the network partition identifier granularity. Discovered items, vulnerable items, and detection records are all updated with the new CIs. |
| Wait for imports of fresh data from the integrations with the next scheduled jobs. | Create CIs for each new asset using the network partition identifier starting with the next scheduled job. CI, vulnerable item, and detection records are all updated to include the new granularity. New CIs are created when an exact match is not found. |

Procedure

  1. Navigate to All > Vulnerability Response > Setup Assistant > Integration Configuration > Scanner Integrations.
  2. Select Tenable.io integrations or Tenable.sc integrations.
  3. Edit the required integration.
  4. Select Asset Import Configuration.
  5. Select the Enable Lookup By Network Partition check box in the Enable Lookup By Network Partition section.
  6. Click Next.

    The network partition identifiers NETWORK_ID and REPOSITORY_ID are included in the lookup, and existing CIs are updated or new CIs are created with the next scheduled job.

    Table 3. Network partition identifier attribute included in IP lookup and CI creation

    | Source | IP address | NETWORK_ID | CI for assets without network partition identifier | CIs for assets with network partition identifier |
    |---|---|---|---|---|
    | Tenable.io: Assets and Fixed and Open Vulnerabilities Integrations | 123.12.12.141 | 03712 | CI 1 | CI 1 |
    | Tenable.io: Assets and Fixed and Open Vulnerabilities Integrations | 123.12.12.141 | 03713 | CI 1 | CI 2 |

    | Source | IP address | REPOSITORY_ID | CI for assets without network partition identifier | CIs for assets with network partition identifier |
    |---|---|---|---|---|
    | Tenable.sc: Assets and Fixed and Open Vulnerabilities Integrations | 123.12.12.141 | 12 | CI 1 | CI 1 |
    | Tenable.sc: Assets and Fixed and Open Vulnerabilities Integrations | 123.12.12.141 | 13 | CI 1 | CI 2 |

    With the next scheduled job, the IP Address and Incomplete IP Address CI identification lookup rules include the network partition identifier attribute automatically for a data import from the Assets and Fixed and Open Vulnerabilities Integrations for the Tenable.io and Tenable.sc products.

    After you enable the system property and save the records, you can alternatively update your existing discovered items with CIs that include the network partition identifier by launching the scheduled jobs on-demand.
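
The lookup behavior shown in Tables 1 and 3, as an added JavaScript example (a simplified model, not ServiceNow or Tenable code): `sharedIps` lists IP addresses reported under more than one partition, and `assignCis` compares IP-only lookup with lookup that includes the identifier. The function names, the record shape, and the rule that an existing CI is updated by the first matching asset are assumptions; the asset rows are constructed from the tables on this page.

```javascript
// Simplified model of CI lookup; not ServiceNow or Tenable code.
// Asset rows are constructed from the values in the tables on this page.
const tenableIo = [
  { ip: '123.12.12.141', network_id: '03712' },
  { ip: '123.12.12.141', network_id: '03713' },
];
const tenableSc = [
  { ip: '123.12.12.141', repository_id: '12' },
  { ip: '123.12.12.141', repository_id: '13' },
];

// NETWORK_ID (Tenable.io) or REPOSITORY_ID (Tenable.sc) is the partition identifier.
const partitionId = (a) => a.network_id ?? a.repository_id ?? null;

// Pre-check: IPs reported under more than one partition, i.e. distinct assets
// that an IP-only lookup would merge into a single CI.
function sharedIps(assets) {
  const seen = new Map();
  for (const a of assets) {
    if (!seen.has(a.ip)) seen.set(a.ip, new Set());
    seen.get(a.ip).add(partitionId(a));
  }
  return [...seen].filter(([, ids]) => ids.size > 1).map(([ip]) => ip);
}

// Assign a CI name to each asset. `cmdb` holds existing CIs as { name, ip, npi }.
// Assumption: an existing CI without an identifier is updated by the first
// matching asset; an asset with no exact match gets a new CI.
function assignCis(assets, cmdb, useNpi) {
  return assets.map((a) => {
    const npi = useNpi ? partitionId(a) : null;
    let ci = cmdb.find((c) => c.ip === a.ip && c.npi === npi);
    if (!ci && useNpi) {
      ci = cmdb.find((c) => c.ip === a.ip && c.npi === null);
      if (ci) ci.npi = npi; // existing CI gains the identifier
    }
    if (!ci) {
      ci = { name: `CI ${cmdb.length + 1}`, ip: a.ip, npi };
      cmdb.push(ci);
    }
    return ci.name;
  });
}

const existing = () => [{ name: 'CI 1', ip: '123.12.12.141', npi: null }];
console.log(sharedIps(tenableIo));                    // IPs shared across partitions
console.log(assignCis(tenableIo, existing(), false)); // IP-only lookup
console.log(assignCis(tenableIo, existing(), true));  // lookup with NETWORK_ID
console.log(assignCis(tenableSc, existing(), true));  // lookup with REPOSITORY_ID
```

Running `assignCis` a second time against the same `cmdb` array returns the same CI names, because each asset now finds an exact match on IP address and identifier.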