Enterprise Discovery Scan

Is it necessary to remove assets from a discovery scan when it is complete to prevent assets from showing up in multiple sites when running a report?

An asset will only appear in multiple sites (when running a report or looking at the asset site membership) if the asset has been assessed as part of that site. This means someone put the IP address/host name as a target in the scope of the site at some point (even if they then removed it from scope later) and scanned the asset within that site. That asset’s assessment results impact the risk score for that site.

If you have accidentally scanned an asset as part of the scope of a site or no longer need it to be in that site based on your categorization, you can simply select the asset results from that site and click “Remove asset from site”.

Thank you for the quick response. For more clarity, when running a discovery scan on an asset that is assigned to a Site, the asset will show up in the report as part of the Site and part of the Discovery scan. If I understand your response, the way to prevent this is to manually remove that asset from the Discovery scan. Secondly, if an asset has been discovered but not yet assigned to a Site, when that asset gets assigned to a Site, this manual process still needs to happen? There is no way for R7 to automatically assign the asset from the Discovery scan to the Site?

If you have a single site set up for discovery scans, then the assets will show up in multiple sites and will need to be removed manually if you do not want them to show up in the discovery sites in the console and reports. I tend to run my discovery scans on the IP addresses within each site so I don’t have to remove them from a single discovery scan. Essentially, I set up a scheduled scan with a discovery scan template. Then I have a dynamic asset group for any assets scanned within that site within a certain timeframe, and I run a scan using the vulnerability scan template just on assets in the dynamic asset group.

