This article explains the project setting "Ignore IPs when importing Assets", which you can set up on the Edit Project Info page.
Note: This setting only affects imports from network scanning tools, so DAST, SAST, SCA, Container, and similar imports are unaffected.
Overview
By default, for assets that have IP addresses, Nucleus automatically matches new assets based on IP address. This works very well in network environments set up with static IP addresses. All new scans will map to the IP address, allowing for easy asset matching across scans that all target one IP address.
However, in some environments an asset is identified by its hostname and its IP address changes, sometimes as often as every vulnerability scan. With the default behavior of Nucleus, every time an IP address changes, a new asset is added to the assets list in Nucleus. This can become annoying in DHCP environments where IP addresses change regularly.
To support the changing of IP addresses, Nucleus allows you to configure matching of new assets based on hostname rather than by IP address. You can configure this on a per-project basis so that if you have certain subnets that are static and others which are DHCP, you can support both within your Nucleus account.
Supporting DHCP Environments
Setting up your project to support changing IP addresses is very simple. Navigate to the Edit Project Info page in your project, and then check the box for the setting "Track Assets By Hostname".
Then click Save Changes and you are all done. This project will now use the hostnames to map assets together rather than the IP addresses.
How It Works
As mentioned previously, Nucleus by default maps together assets from new scans based on IP address (for network scanners such as Qualys, Nessus, and Rapid7). However, when you enable the DHCP setting for the project, Nucleus behavior changes to do the following:
- Map together assets from new scans based on hostname, not IP address
- In the event that a scanned network asset does not have a hostname, the IP address becomes the hostname, so new scans will still be mapped to assets based on IP address for assets which do not have a hostname
- Application scan imports will be unaffected by this setting. This setting only affects assets which have an IP address
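A minimal model of the matching rules listed above, run over two scans of a DHCP subnet. This is an added example, not Nucleus code; the record fields, function names and sample scan data are assumptions constructed for illustration.

```python
# Simplified model of the asset-matching behaviour described in this article.
# Not Nucleus code: record fields and function names are assumptions.

def match_key(record, track_by_hostname):
    """Return the key a network-scan record is matched on."""
    if track_by_hostname:
        # No hostname: the IP address stands in as the hostname.
        return record.get("hostname") or record["ip"]
    return record["ip"]


def import_scans(scans, track_by_hostname=False):
    """Fold successive scans into an asset inventory keyed by match_key."""
    assets = {}
    for scan in scans:
        for record in scan:
            key = match_key(record, track_by_hostname)
            asset = assets.setdefault(key, {"ips": [], "hostnames": []})
            if record["ip"] not in asset["ips"]:
                asset["ips"].append(record["ip"])
            name = record.get("hostname")
            if name and name not in asset["hostnames"]:
                asset["hostnames"].append(name)
    return assets


# Constructed sample data: two scans of a DHCP subnet. Both laptops get new
# leases between scans; the third device reports no hostname.
SCAN_1 = [
    {"ip": "10.0.5.21", "hostname": "laptop-ana"},
    {"ip": "10.0.5.22", "hostname": "laptop-raj"},
    {"ip": "10.0.5.40", "hostname": None},
]
SCAN_2 = [
    {"ip": "10.0.5.22", "hostname": "laptop-ana"},
    {"ip": "10.0.5.37", "hostname": "laptop-raj"},
    {"ip": "10.0.5.40", "hostname": None},
]

if __name__ == "__main__":
    for mode in (False, True):
        inventory = import_scans([SCAN_1, SCAN_2], track_by_hostname=mode)
        print("track by hostname:", mode, "->", len(inventory), "assets")
        for key, asset in inventory.items():
            print(f"  {key}: ips={asset['ips']} hostnames={asset['hostnames']}")
```

With IP matching the two scans produce four assets, and the asset at 10.0.5.22 mixes records from two different laptops; with hostname matching they produce three, one per device, and the device without a hostname is still tracked by its IP address.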
Final Thought
In the event that an asset has changed IP addresses, you can also manually merge two assets together by using the Merge button on the All Assets Page.