Tenable compliance test uniqueness key
The Tenable compliance test uniqueness key determines how the system identifies incoming compliance test records during ingestion and whether they are treated as new records or updates to existing ones.
When the Tenable Vulnerability Integration ingests compliance test data, it uses a uniqueness key to match each incoming record against existing records in the Configuration Test [sn_vulc_test] table. If an incoming record matches an existing one on the configured key, the system updates the existing record. If there is no match, the system creates a new record.
By default, compliance tests are matched using a fixed identifier. When multiple tests share the same value for that identifier, later ingestion runs overwrite earlier records, causing data loss. The configurable uniqueness key enables you to select the identifier that best reflects how your Tenable.io compliance data is structured, so each test is accurately preserved as a distinct record.
Available uniqueness keys
Three identifiers are available as uniqueness keys:
- compliance_control_id
- The compliance control identifier from Tenable.io. This is the default for new installations.
- check_id
- The Tenable.io check identifier. This is the default for existing installations upgraded from earlier versions, to preserve backward compatibility.
- compliance_functional_id
- The functional identifier for the compliance test.
Choosing the right key
Select the identifier that is unique across your compliance tests in Tenable.io. For example, if your tests share the same check_id but differ by compliance_control_id, use compliance_control_id as the uniqueness key.
Only one key can be active at a time. Changing the active key on an existing instance affects how records are matched on subsequent integration runs. For more information, see Configure the Tenable compliance test uniqueness key.