Third-Party Data Deduplication in Tenable Exposure Management

Tenable Exposure Management consolidates asset and vulnerability data from both Tenable products (1st party) and third-party integrations to provide a unified, accurate asset inventory. When duplicate assets are ingested from different sources, Tenable automatically applies deduplication logic to merge records into a single asset view.

This guide explains how deduplication works for third-party data, how the system prioritizes conflicting values, and where users can view this information in the platform.

Why Deduplication Matters

Merging duplicate assets improves clarity, reduces noise, and enables more accurate risk assessment. In Tenable Exposure Management, deduplication happens automatically across sources, giving you:

  • A single source of truth for each asset.

  • Complete visibility into merged properties from all integrated platforms.

How it Works

Tenable Exposure Management deduplicates assets by applying a set of merge criteria to the data ingested from the different sources and identifying records that describe the same asset.

The merging mechanism is designed to avoid disassembling and reassembling Tenable Exposure Management assets. If the merging criteria are met, new data is added to the existing structure.

Note: At this stage, Tenable Exposure Management uses a predefined merge strategy and property matching logic. Customization of merge rules is not currently available, but enhancements are planned for future releases.

Deduplication Criteria by Asset Class

Tenable applies a default merge strategy per asset class, using key properties to match and merge assets. The deduplication logic is case-insensitive and includes parsing of common formats (e.g., MAC addresses, hostnames).

Tip:  For more information, see Asset Classes.

| Asset Class | Default Merge Properties (in order of priority) |
|---|---|
| Device | 1. External Identifier |
| | 2. Mac Addresses |
| | 3. Name + FQDNs + IP Addresses |
| | 4. Name + FQDNs |
| | 5. FQDNs + IP Addresses |
| | 6. Name + IP Addresses |
| | 7. Name |
| Container | 1. sha256 |
| | 2. name |
| Web Application | 1. Webapp Homepage Screenshot Url |
| | 2. Name |
| Cloud, Account, Role, Group, Storage, Resource, Other | External Identifier |

Important! The merge criteria listed in this document apply only to third-party data (data ingested from Connectors).
Tenable-native assets, such as the data that comes from Tenable Vulnerability Management, follow separate internal deduping logic.

Important! Assets with different Tenable UUIDs will never be merged, even if all other third-party matching criteria are met. This safeguards the integrity of Tenable-managed assets and prevents unintended merges.

Property Merge Order

When multiple sources provide different values for the same property (for example, conflicting IP addresses or operating systems), Tenable uses a fixed priority order to determine which value appears in the unified Assets view.

Default Merge Priority

  1. Tenable-native sources (such as Tenable Vulnerability Management) take precedence.

  2. Third-party Connectors are prioritized by the order they were connected. The first connected source is used unless its value is missing, in which case the next available source is used.

    Note: The order of connectors influences the merging process. The first connector that completes processing within Tenable Exposure Management determines the identifying criteria.

Example

An asset is discovered by:

  • Tenable Vulnerability Management

  • CrowdStrike (connected second)

  • Microsoft Defender for Endpoint (connected third)

Each source reports different values for IP address and operating system:

| Property | Tenable Vulnerability Management | CrowdStrike | Microsoft TVM |
|---|---|---|---|
| IP Address | 10.0.0.1 | 172.16.5.10 | 192.168.1.100 |
| Operating System | Windows 10 Pro | Windows 11 | Windows 10 Enterprise |

Result:

  • The IP address and OS from Tenable Vulnerability Management are selected and displayed in the UI.

  • The values from CrowdStrike and Microsoft TVM are still stored and viewable in the Asset Details tab but are not shown by default.
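The Device merge criteria and the property merge order described above can be sketched as follows. This is an added illustration, not Tenable's implementation: the field names, the sample MAC addresses and owner value, and the rule that a multi-valued property "agrees" when two records share at least one value are all assumptions.

```python
import re

# Device merge rules from the table above, highest priority first.
# All field names in this sketch are hypothetical, not Tenable's schema.
DEVICE_RULES = [
    ("external_id",), ("macs",), ("name", "fqdns", "ips"), ("name", "fqdns"),
    ("fqdns", "ips"), ("name", "ips"), ("name",),
]

def values(rec, field):
    """Normalized value set: case-insensitive, MACs reduced to bare hex digits."""
    raw = rec.get(field) or []
    raw = [raw] if isinstance(raw, str) else raw
    out = {str(v).strip().lower() for v in raw if v}
    return {re.sub(r"[^0-9a-f]", "", v) for v in out} if field == "macs" else out

def match_rule(a, b):
    """Return the first rule on which two third-party device records agree."""
    ua, ub = a.get("tenable_uuid"), b.get("tenable_uuid")
    if ua and ub and ua != ub:
        return None  # different Tenable UUIDs are never merged
    for rule in DEVICE_RULES:
        # Assumption: a field agrees when the records share at least one value.
        if all(values(a, f) & values(b, f) for f in rule):
            return " + ".join(rule)
    return None

def resolve(prop, records):
    """Displayed value: Tenable-native first, then connectors in connection order."""
    for r in sorted(records, key=lambda r: (not r["native"], r["order"])):
        if r.get(prop):  # a source with no value falls through to the next one
            return r[prop], r["source"]
    return None, None

# Constructed records mirroring the example above (MACs and owner are made up).
TVM = {"source": "Tenable Vulnerability Management", "native": True, "order": 1,
       "name": "WS-042", "ips": ["10.0.0.1"], "os": "Windows 10 Pro"}
CS = {"source": "CrowdStrike", "native": False, "order": 2, "name": "ws-042",
      "macs": ["00:1A:2B:3C:4D:5E"], "ips": ["172.16.5.10"], "os": "Windows 11"}
MDE = {"source": "Microsoft Defender for Endpoint", "native": False, "order": 3,
       "name": "WS-042.corp.example", "macs": ["00-1a-2b-3c-4d-5e"],
       "ips": ["192.168.1.100"], "os": "Windows 10 Enterprise", "owner": "it-ops"}

if __name__ == "__main__":
    print(match_rule(CS, MDE))            # which criterion merged the two records
    print(resolve("os", [MDE, CS, TVM]))  # value shown in the unified Assets view
    print(resolve("owner", [CS, MDE]))    # first connector has no value
```

Running the same check over an export of connector records before onboarding a new integration shows which assets would only match on a low-priority rule such as Name, where an accidental merge is most likely.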

Deduplication Limitations

  • Assets must belong to the same class to be merged. For example, two assets from different connectors won't merge if one is an Account and the other is a Role.

  • For cloud assets, provider IDs may differ by vendor. For example:

    • AWS via one connector might use full ARN

    • Another might use a shortened ID

    • Tenable supports matching multiple keys via a list-based NATIVE_ID.

Additional Resources