Asset Deduplication FAQ

The following are frequently asked questions about asset deduplication in Tenable Exposure Management. Deduplication works differently depending on the data source — see Asset Deduplication in Tenable Exposure Management for a full overview.

Important: The following content refers to automatic deduplication for assets from different sources. For information about enabling the automatic deduplication of assets from the same source, see Settings > Asset Deduplication.

Do Tenable-native assets follow the same merge criteria as third-party data?

No. Assets from Tenable Vulnerability Management and Tenable Security Center use a separate, internal deduplication mechanism based on the Tenable UUID — not the attribute-based merge criteria (hostname, IP address, MAC address) used for third-party connector data. Two Tenable-native records must share the same UUID to be merged, regardless of whether other identifying fields match.

Additionally, assets with different Tenable UUIDs are never merged, even if all other matching fields (such as hostname or IP address) align. This ensures accurate separation of Tenable-managed data and prevents unintended merging between unrelated records.

Why aren't my Tenable Vulnerability Management and Tenable Security Center assets deduplicating?

If Tenable Vulnerability Management and Tenable Security Center both report the same physical host but assign it different Tenable UUIDs, those records will not merge — even if the hostname and IP address match. Different UUIDs can occur when:

  • Scan credentials differ between the two platforms.

  • Agent enrollment is inconsistent — for example, an agent enrolled in one platform but not the other.

  • The host was scanned in different network contexts.

To reduce duplicate Tenable-native assets:

  • Ensure agent-based scans use a consistent enrolled agent UUID across both platforms.

  • Verify that authenticated scan credentials are consistent so the same host receives the same UUID from each source.

  • If duplicates persist, contact Tenable Support with the asset UUIDs in question. Forced merging is not available in the UI.

Note: [SME REVIEW] Confirm that the Tenable UUID is the primary merge key for Tenable-native assets and that no attribute-based fallback applies when UUIDs differ.

What happens when I add additional connectors with asset data?

If the deduplication criteria are met, data from multiple connectors merges into a single asset. These are considered Multi Source Assets. For more information, see View License Information in the Tenable Vulnerability Management User Guide.

If the criteria aren't met, the platform treats the asset as unique and creates a new record in the inventory.

How does the system decide whether to merge asset data?

Tenable Exposure Management uses fixed matching criteria per asset class (e.g., device, website). If at least one combination of matching fields meets the merge conditions, the platform merges the data into a single asset.

Example for devices: If two connectors report the same hostname + IP + FQDN, the assets may be merged.

Can I customize the merge criteria?

No. The merge logic and field combinations are currently predefined and not configurable. Custom merge strategies may be introduced in future releases.

Can I choose which connector takes priority for conflicting data?

No. Tenable uses a fixed priority order:

  1. Tenable-native sources take priority.

  2. Third-party connectors are prioritized by the order they were added to the system.

You can review the source of each field on the Connector Details tab of the Asset Details page.

What happens if multiple connectors sync at the same time?

The platform doesn't queue syncs but processes them concurrently. The first successfully processed connector becomes the primary source for merge decisions if Tenable-native data is not available.

Why do I still see data from a removed connector?

If an asset was merged and the connector is deleted, Tenable Exposure Management retains the merged data if other sources still report matching values. Only data exclusively ingested by the deleted connector is removed during connector deletion.

How do multi-source assets affect my license count?

A multi-source asset — one reported by more than one connector or data source and successfully deduplicated — counts as a single licensed asset, regardless of the number of contributing sources. You can view your current multi-source asset count under Settings > License.

If your total licensed asset count is higher than expected, check whether Tenable-native sources (Tenable Vulnerability Management, Tenable Security Center) are creating separate records for the same host rather than deduplicating, which would inflate your count. See Why aren't my Tenable Vulnerability Management and Tenable Security Center assets deduplicating? above.

Note: [SME REVIEW] Confirm that the license dashboard (Settings > License) showing multi-source asset counts is available across all subscription tiers.