Some common environmental factors which will cause the first discovered dates to fluctuate are:
1. Targeting a system by FQDN or hostname when that name could resolve to multiple IPs. Two common examples of this are a system that is behind a load balancer or a system that has multiple NICs. Customers should be working with their network and/or DNS admins to determine if this is a possibility for the primary DNS server used by Tenable.sc, which can be found in /etc/resolv.conf.
2. Assigning systems a new IP address via DHCP when the dhcpTracking setting is not uniform across all scans for the organization.
3. Assigning the same IP to multiple systems in different networks and importing the scan results into the same repository. If 172.26.0.1 in network A is a different system than 172.26.0.1 in network B and each is scanned, Tenable.sc will consider them one system and the vulnerability data may not appear accurate due to the differences in the target systems. Customers should be working with their network and/or DNS admins to determine if this is a possibility in the environment.
4. Deploying virtual systems from the same template / image without adjusting the underlying network settings. Any duplication of FQDN, MAC, or NetBIOS across different systems will prevent Tenable.sc from uniquely identifying them, causing all the vulnerability data to collide under the same IP.
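One way to check an asset inventory for conditions 1, 3 and 4 above before the scan results reach a shared repository. This is an added example, not code from the original post or from Tenable; the CSV layout, the column names and the sample hosts are constructed assumptions and not a Tenable.sc export format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample inventory (assumed layout): one row per observed host.
SAMPLE_INVENTORY = """network,ip,fqdn,mac,netbios
A,172.26.0.1,gw-a.example.test,00:50:56:aa:00:01,GW-A
B,172.26.0.1,gw-b.example.test,00:50:56:bb:00:01,GW-B
A,172.26.0.10,web.example.test,00:50:56:aa:00:10,WEB01
A,172.26.0.11,web.example.test,00:50:56:aa:00:11,WEB02
A,172.26.0.20,vm-tmpl.example.test,00:50:56:aa:00:20,VMTMPL
A,172.26.0.21,vm-tmpl.example.test,00:50:56:aa:00:20,VMTMPL
A,172.26.0.30,db.example.test,00:50:56:aa:00:30,DB01
"""

IDENTITY_FIELDS = ("fqdn", "mac", "netbios")


def find_collisions(inventory_csv):
    """Return {check_name: {value: sorted list of networks or IPs sharing it}}."""
    ip_to_networks = defaultdict(set)
    ident_to_ips = {field: defaultdict(set) for field in IDENTITY_FIELDS}

    for row in csv.DictReader(io.StringIO(inventory_csv)):
        ip = row["ip"].strip()
        ip_to_networks[ip].add(row["network"].strip())
        for field in IDENTITY_FIELDS:
            value = row[field].strip().lower()  # identifiers compared case-insensitively
            if value:
                ident_to_ips[field][value].add(ip)

    # Condition 3: the same IP address observed in more than one network.
    findings = {"ip_in_multiple_networks": {
        ip: sorted(nets) for ip, nets in ip_to_networks.items() if len(nets) > 1}}
    # Conditions 1 and 4: one FQDN, MAC or NetBIOS name seen on several IPs.
    for field in IDENTITY_FIELDS:
        findings[f"{field}_on_multiple_ips"] = {
            value: sorted(ips)
            for value, ips in ident_to_ips[field].items() if len(ips) > 1}
    return findings


if __name__ == "__main__":
    for check, hits in find_collisions(SAMPLE_INVENTORY).items():
        for value, where in hits.items():
            print(f"{check}: {value} -> {', '.join(where)}")
```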
Please refer to the URL below for how to normalize this behavior:
https://community.tenable.com/s/article/Tenable-sc-First-Discovered-Date-Fluctuating
Happy Learning !!