Remove and Prevent Duplicate Assets
In Tenable Vulnerability Management, assets get assigned a unique ID when scanned with credentialed or agent scans. Tenable Vulnerability Management checks this unique ID each time a scan runs, so that it can update the existing asset record with new findings, resolved findings, or resurfaced findings. When you then run an uncredentialed scan against the same asset, there could be scenarios in where the scanner cannot log in to the asset and retrieve the unique ID. This causes Tenable Vulnerability Management to view the asset as new, and therefore create a new record (in this case a duplicate of an asset).
Remove Duplicate Assets
To remove duplicate assets in Tenable Vulnerability Management:
-
Within the Explore section, view your asset list.
-
Delete any duplicate assets.
Once an asset is deleted, Tenable Vulnerability Management immediately returns the license to your available license count.
Prevent Duplicate Assets
As a best practice, Tenable recommends scanning assets with a combination of uncredentialed, credentialed, and agent scans to ensure full vulnerability coverage. To resolve duplicate assets when running an agent scan and a non-credentialed Nessus scan, Tenable recommends using the Open Agent Port feature included in Tenable Nessus Agent versions 10.6.0 and later. To view more configuration information for this feature, see Configure Agent Profiles to Avoid Asset Duplication in Tenable Vulnerability Management in the Tenable Nessus Agent User Guide.
Note: The Open Agent Port feature does not merge existing duplicates. It only resolves asset duplication issues between agent scans and non-credentialed Nessus scans once you configure the setting.
While there are different use cases for each scan type, generally, Tenable recommends prioritizing the types of scans you run in the following order:
-
Credentialed Scans from a Tenable Nessus Scanner
-
Tenable Nessus Agent Scans
-
Uncredentialed Scans
-
Tenable Nessus Network Monitor
For more information, see Create a Tenable Vulnerability Management Scan.