Dynamic Vuln Scan Across All Sites

Is there a way to scan an asset group that consists of assets across multiple sites where R7 InsightVM will dynamically know which sites to use based on the respective site defined asset IP ranges?

It seems very cumbersome to have to break apart the asset group into assets that match each site, and then run a scan for each site. Especially when you have numerous sites.

Unfortunately no. To scan an asset group within a site, all of the assets within that asset group must be contained within the scope of that site.

Could you share the criteria that you’re using to create your asset group? Most of the time this issue persists because the logic for the asset group should probably be a tag instead.

Things like groups based on OS, Server Type, etc should really only be tags. Asset groups should (most of the time) be subsets of a Site. For example I might have a “East Coast” site and within that site I would have multiple Asset Groups for the different offices or locations like “New York” and “Boston” Asset Groups. This allows me the create scheduled scans on only those asset groups to break up the amount of assets that I’m scanning at a time. The only reason to have a general “Windows OS” Asset Group for example would be if I needed it to create vulnerability exceptions for all of my Windows devices. For that you could have a separate Asset Group created off of the OS logic that pulls in assets regardless of the site.

I did get verification from R7 support that if a group contains assets from other sites, it would be unable to scan those.