Problem with conflicting IP fo Assets (Home Office)

Hey there,

i’m new here but i was told that you could help me out. :wink:
So I’ve tried to find anything regarding my issue here but i can’t find anything (or dont know the right keywords :roll_eyes: )

So we use the Insight Agent along with regular Scan Engines. Many of our employes are working from home or mobile.

Now I want to scan a device on our internal network that is on the 192.168.1.0/24 subnet. And of course I get feedback from various agents on assets that are in home/mobile office within exactly this address range, so that individual assets overlap with their IP addresses and I currently cannot correctly analyze the actual assets that are in our internal network.

Is there a way to tell InsightVM that the two assets (with the same IP) are not the same Asset?

Hope that was clear enough for you all. :sweat_smile:

Greeting
Lukas

Other than using a different RFC1918 address for your office?
Have you tried unchecking “Link Assets Across Sites”?
image

Hey @brandon_mcclure,

thanks for the quick reply.
Unfortunately changeing the RFC1918 address space is not a thing that we can implement quickly. But it’s on the list…

When i disable the “Link Assets Across Sites” is there a way to Match assets back together later on?

Cause there are also a some system with more than 1 Network Connection. Otherwise I have to weigh up the options of mixing scan results and manualy mark/link those assets with more than one interface.

@lwieners

1 Create a new dynamic asset group called Site Group - Not Rapid7 Insight Agents

  • Example filter in screenshotimage

2 Add the group to a site

  • Example in screenshot where to put the group image
1 Like