Knowledge Base Article
How Does Tenable Vulnerability Management Identify an Asset as Unique
INFORMATION
Identification is the process of matching a set of attributes collected by a sensor (e.g. Nessus) to an existing asset. If Tenable Vulnerability Management is unable to find an existing asset that matches the incoming host, it is treated as a new asset and added to Tenable Vulnerability Management. The following section explains how Tenable Vulnerability Management matches hosts to assets.
DETAILS
Each identification request is based on a list of key-value pairs representing properties that have been observed/collected. Tenable Vulnerability Management uses a subset of these properties, called Identification Attributes (IA), in an attempt to determine whether an asset has been previously seen.
Our current list of IAs is:
- AWS EC2 Instance ID
- Azure VM ID
- GCP Instance ID
- BigFix Asset ID
- Tenable UUID
- BIOS UUID
- Network UUID
- MAC Address
- NetBIOS Name
- Fully Qualified Domain Name (FQDN)
- IPv4 address
These are ordered on a spectrum, from authoritative to speculative, based on their ability to accurately link a host to an existing asset.
Internal IDs generated by cloud computing platforms (Amazon Elastic Compute Cloud, Microsoft Azure, Google Compute Engine, etc.) are 100% authoritative and unique. If the Tenable Vulnerability Management asset tracking system matches assets using one of these identifiers, the decision is guaranteed to be correct. Every asset should have at most one value for an identifier in this class.
Properties below Network UUID are considered "scoped" to the network, meaning that a match on MAC Address, NetBIOS Name, FQDN or IPv4 address only links a host to an existing asset if both belong to the same Tenable Vulnerability Management defined Network. For more information, refer to the Tenable Vulnerability Management documentation on Networks.
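The following Python is an added illustration of the matching order described in this article, not Tenable's implementation: it walks the Identification Attributes from authoritative to speculative and applies the Network scoping rule to the attributes below Network UUID. The attribute key names, the `network` field carried by each observation and the `Asset` record are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Identification Attributes in the article's order, authoritative first.
IDENTIFICATION_ATTRIBUTES = [
    "aws_ec2_instance_id", "azure_vm_id", "gcp_instance_id", "bigfix_asset_id",
    "tenable_uuid", "bios_uuid", "network_uuid",
    "mac_address", "netbios_name", "fqdn", "ipv4",
]
# Attributes below Network UUID are scoped to the Tenable-defined Network.
NETWORK_SCOPED = {"mac_address", "netbios_name", "fqdn", "ipv4"}


@dataclass
class Asset:
    asset_id: str
    network: str                      # Tenable-defined Network the asset lives in
    attributes: dict = field(default_factory=dict)


def match_asset(observation: dict, inventory: list):
    """Return (asset, attribute) for the most authoritative IA that links the
    observation to an existing asset, or (None, None). The observation is a dict
    of collected key-value pairs plus a "network" key (assumed shape)."""
    for attr in IDENTIFICATION_ATTRIBUTES:
        value = observation.get(attr)
        if value is None:
            continue
        for asset in inventory:
            if asset.attributes.get(attr) != value:
                continue
            # A speculative attribute (e.g. a reused IP) only matches inside
            # the same Network; elsewhere it describes a different asset.
            if attr in NETWORK_SCOPED and asset.network != observation["network"]:
                continue
            return asset, attr
    return None, None


def identify(observation: dict, inventory: list):
    """Match the observation or add it as a new asset.
    Returns (asset, matched_attribute_or_None, is_new)."""
    asset, attr = match_asset(observation, inventory)
    if asset is not None:
        return asset, attr, False
    new = Asset(f"asset-{len(inventory) + 1}", observation["network"],
                {k: v for k, v in observation.items() if k in IDENTIFICATION_ATTRIBUTES})
    inventory.append(new)
    return new, None, True
```

Because the loop stops at the first attribute that matches, an EC2 instance whose IP changed still resolves to its existing asset, while the same IPv4 address seen in a different defined Network yields a new asset.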