AnsweredAssumed Answered

Agentless tracking, tracking types and duplicate host assets

Question asked by Hywel Mallett on Aug 17, 2015
Latest reply on Jun 28, 2017 by Martin Walker

Am I the only person who is a little confused about the correlation between agentless tracking and the tracking type?

 

If we ignore the agentless tracking option for now, and consider only the host asset tracking type:

  • If we add a new host asset as IP tracked, then we later scan it when it has a different IP address (because of DHCP), we will then have two (duplicate) host assets in our database.
  • If we add a new host asset as DNS tracked or NetBIOS tracked, then when we later scan it when it has a different IP address, as long as the DNS name or NetBIOS name matches, there will be a single host asset in our database.

Is this correct?

 

If we enable agents tracking, we have a host ID on each host that we can set/get with authenticated scans. How does this interact with the tracking method? E.g. if we do a scan, then the IP address of the machine changes, when we scan again, if the asset is set to IP tracked, we still get a duplicate host asset in the database. So the question is then, what is the point of the agentless tracking?

 

In a test case, where a machine has multiple IP addresses (such as laptops which are connected to the same subnet by both wired and wireless connections), we also get duplicate host assets. As a result we're ending up with lots of duplicate assets.

 

What's the solution? (Other than the cloud agent)

Outcomes