Hi all,
I’ve created a site which assets are populated by the dynamic SONAR connection. I’m using my customer’s real domain for the SONAR query but let’s assume here it’s contoso.com.
There’s a couple of details I don’t understand (or seem to find answers from Rapid7’s documentation):
- Isn’t the idea of the query to enumerate assets as FQDNs? So why does it populate the site target assets as IP addresses? IP addresses change from time to time (especially for cloud resources) but DNS names are more or less permanent.
- How do I know the populated IPs still belong to their respective static DNS names when the next scheduled scan is run? If the target list had DNS names, the scanner would probably poll the IPs just before the scan. But as they are already IPs, what’s the poll mechanism?