I noticed duplicate assets occurring in InsightVM from network scans that use Scan Assistant. The issue is when a system is reimaged / rebuilt with the same hostname and IP, R7 adds it as a duplicate asset with a new unique identifier. Moreover, all the custom tags are not assigned to the newly duplicated asset.
This is negatively impacting Remediation Projects and other areas where the tag is being used.
I requested these two IDEA / feature requests:
1. If a duplicate asset is discovered with the same IP and hostname and with a different unique identifier, then rename or mark the old asset unique identifier as stale, or give a custom option to bulk delete them.
2. If a duplicate asset is discovered with the same IP and hostname and with a different unique identifier, and custom tags are attached to the old unique identifier, then copy over the custom tags to the new active asset.
Do you have the agent deployed in your environment? I scripted out a rough solution to this for instances where there are re-imaged assets that make use of a freshly installed agent. If so, I would be happy to share via GitHub or collaborate to improve it.
@mcarns,
We use the Insight Agent on Laptops, the Scan Assistant on servers and VMs, and shared creds for infrastructure assets. I am very interested in your script.
A rebuilt asset will create a new asset record on purpose; that’s the design intent. It’s not really a duplicate at that point. If the goal is to avoid extra vulnerabilities based on two instances of the same machine existing, I’d have to recommend just deleting the old record. Manually if it’s a rare situation, through lower asset data retention if it’s extremely common, or through API scripting if it’s somewhere in the middle.
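
The API-scripting route from the last reply, combined with the tag carry-over asked for in the first post, as an added example (not code from any poster in this thread and not Rapid7's): a dry-run planner that pairs records sharing both hostname and IP, treats the most recently scanned one as active, and lists which custom tags to copy and which older records to delete. The record fields (`last_scan`, `custom_tags`) and the sample data are constructed assumptions, not the InsightVM API response shape.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records. Field names are a simplified assumption,
# not the InsightVM API response shape.
ASSETS = [
    {"id": 101, "hostName": "SRV-APP01", "ip": "10.0.5.20", "last_scan": "2024-01-10T02:00:00Z", "custom_tags": ["PCI", "Team-Payments"]},
    {"id": 245, "hostName": "srv-app01", "ip": "10.0.5.20", "last_scan": "2024-03-02T02:00:00Z", "custom_tags": []},
    {"id": 102, "hostName": "srv-db01", "ip": "10.0.5.30", "last_scan": "2024-03-02T02:00:00Z", "custom_tags": ["PCI"]},
    {"id": 310, "hostName": "srv-web01", "ip": "10.0.6.40", "last_scan": "2024-02-01T02:00:00Z", "custom_tags": ["DMZ"]},
    {"id": 311, "hostName": "srv-web01", "ip": "10.0.6.41", "last_scan": "2024-03-01T02:00:00Z", "custom_tags": []},
]

def _scan_time(asset):
    return datetime.strptime(asset["last_scan"], "%Y-%m-%dT%H:%M:%SZ")

def plan_rebuild_cleanup(assets):
    """Group by (hostname, IP); the newest record is active, older ones are stale."""
    groups = defaultdict(list)
    for a in assets:
        # Hostname case differs between records, so normalise before grouping.
        groups[(a["hostName"].strip().lower(), a["ip"])].append(a)
    plan = []
    for (host, ip), members in sorted(groups.items()):
        if len(members) < 2:
            continue  # both hostname and IP must match to count as a rebuild
        members.sort(key=_scan_time, reverse=True)
        active, stale = members[0], members[1:]
        have = set(active["custom_tags"])
        # Tags present on any stale record but missing from the active one.
        missing = sorted({t for s in stale for t in s["custom_tags"]} - have)
        plan.append({"hostName": host, "ip": ip, "keep": active["id"],
                     "copy_tags": missing, "delete": sorted(s["id"] for s in stale)})
    return plan

if __name__ == "__main__":
    # Dry run only: print the plan for review before anything is changed.
    for step in plan_rebuild_cleanup(ASSETS):
        print(step)
```

The planner only produces a list for review; applying the tag copies before the deletions keeps the tags from being lost with the old record.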