One of our clients has a Rapid7-Splunk integration in place, where Splunk is used exclusively for vulnerability analytics. While the Splunk team was performing some data analysis, they found a few asset IDs with no corresponding vulnerability/asset data. They gave the list to us for investigation. I tried finding the relevant details in InsightVM but did not find anything.
Now that the context is set, this is why one should perform maintenance procedures on the InsightVM database. Regular maintenance helps clean up the database and remove leftover data from deleted sites and assets. You might delete an asset from a site or asset group, yet the asset still exists in the InsightVM DB. This in turn results in a count mismatch between solutions wherever an integration is in place (e.g., in this case, the count of assets between Splunk and Rapid7). See the URL below:
https://help.rapid7.com/insightvm/en-us/Files/Administration.html
Happy Learning !!