Jul 25 2019 04:57 AM
Hi,
We have started to see several cases where machines are duplicated for a number of reasons and this has somewhat caused a concern for us while a machine is listed in the active state.
We understand the offboarding process, as mentioned back in March by Heike Ritter, however this is not always a practical solution, especially when a machine was rebuilt and the process was not followed. Furthermore, when a machine is rebuilt and a duplicate (or more) entry is created, the older of the two or more entries seems to stay active for 7 days before moving to a non-active state.
With this issue, can we possibly request a functionality where we can force change the status of a known (non-active) machine to inactive? (In Qualys the same symptom of duplicates exists and here we can delete the asset entry.) Naturally, if the machine with the same machine ID comes back online for some reason it should be marked active again.
Thanks
Mornay
Aug 06 2019 04:51 PM
Sep 03 2019 06:01 AM
@jamrobot Duplicate 'inactive' machines are also affecting my organisation's TVM exposure score. An example being a machine with three instances. One active, and two inactive. The active machine shows far fewer ‘Security Recommendations’ than its inactive counterparts.
I understand that ATP retains previous inactive iterations because at the data retention setting, we have it set at 180 days.
However, it appears that the exposure score is using the security recommendations on the inactive machines to calculate its score. Most of which have been dealt with, as can be seen by looking at the active machine. I have asked if there is a way of omitting the inactive machines if there is a matching active one. I will feed back if I find out anything.