A high-level overview of asset duplication in RiskSense. Includes information about asset merging and precedent behavior details.
Unintentional duplication of web applications and network hosts within the RiskSense platform can occur from time to time. Common reasons for asset duplication include cases where scan results of the same hosts or applications are uploaded into different RiskSense network partitions (e.g., last month's scan of workstations is uploaded into a network named ABC, but this month's scan of those same assets is uploaded to network XYZ) or the use of a network partition type that does not match the unique static identifier for an asset environment (e.g., uploading scan results of hosts with dynamic IP addresses into an IP-aggregated network).
RiskSense provides two functions that can aid in asset de-duplication: Change Network and Merge Hosts/Merge Applications. Both options can be found within the More toolbar menu drop-down list in the Manage > Applications or Manage > Hosts list views.
While the Change Network feature is used to migrate assets between network partitions, the feature also provides an option named Force Merge On Conflict, which can be leveraged to de-duplicate hosts or applications that have been uploaded into separate RiskSense networks.
With the Force Merge On Conflict option enabled, assets being moved into the target network that carries the same aggregation key as an asset that already belongs to that network will be combined into one asset record. For example, let’s say that an asset with a hostname of “Nancy’s Laptop” and an IP address of 10.20.30.41 is selected. We use the Change Network option to move it from its currently assigned hostname-based network into an IP-aggregated network partition. Let’s also say that the Force Merge On Conflict option has been enabled and that an asset with the same 10.20.30.41 IP address already belongs to the IP-based network. In that scenario, submitting the Change Network command will merge the two assets into one.
The RiskSense Merge Hosts and Merge Applications features allow a user to filter for and select two or more assets to combine into one while giving the ability to specify into which asset the duplicates are to be merged.
RiskSense Asset Merging and Precedence Behavior Details
Merging procedures involve Target/Destination assets (the application or host into which other assets are being merged) and Source assets (the host or application(s) being merged into a Target asset).
Target assets retain all information post-merge, including any tags, notes, or user assignments associated with the asset.
Any scanner findings from the Source asset(s) that do not already exist on the Target asset are migrated over and associated with the Target.
User assignments to findings will be retained post-merge *unless* the assigned user does not have access to at least one of the groups to which the Target asset belongs.
Any Notes applied to an asset acting as a Source or finding from that Source asset not already applied to the Target are not migrated.
If the Source and Target asset have the same scanner findings/plugins, any user finding assignments of the source host will be carried forward to the findings in the target host.
Post-merge, the Finding History pop-up dialog will mention new assignments for the findings in the target host.
If a user migrates assets between networks and chooses to merge duplicate assets, the RS³ scores for the merged assets will now be updated automatically.