We are trying to deploy the Rapid7 Insight Agent on our VMware VDI machines. They are non-persistent, instant clones. We are running into an issue where every time a clone comes online, it’s creating a duplicate instance of the machine in the InsightIDR console.
We’ve followed the instructions here https://docs.rapid7.com/insight-agent/virtualization/, i.e. stopped the service, removed the bootstrap.cfg, and captured the image; however, the clones still create duplicate entries.
When you say the IDR console, do you mean the agent management page? If so, this is expected behavior currently. We are working towards solving this issue by correlating VDI assets by some value other than the agentid, but right now the agent management page relies solely on the unique agentid for each agent shown, and each VDI will have its own unique agent id.
One thing to note, if these VDIs spin up and down and maintain the same hostname (as opposed to some random name) then IDR itself will correlate the newly provisioned agent to the same hostname in IDR.
The VDIs’ host names are predetermined by the provisioning settings using a naming pattern within VMware Horizon, i.e. VDI-X, where X could be any number from 1 to the max number of provisioned VDIs in the pool.
Understood, so then with IDR itself the assets would only have 1 record for each FQDN, whereas in Agent Management there is going to be 1 record for each uuid. One way to get a better sense of the overall counts of agents to look at would be to apply filters based on their status, such as Online or Offline with a timestamp within the last 24 hours. For example