Been running compliance policies against a single Windows 2016 using CIS Member Server v1.1.0 L1. What I don;t understand and I hope someone can explain is that the server has a cloud agent installed and there are 2 asset entries being shown when I search using the IP, one is for the IP and the other is for the cloud agent which I understand.
The real issue is that the cloud agent entry shows 2 controls failed the policy yet the IP entry shows that 7 controls failed the same policy for the same host (different assets according to the IDs though). The extra 5 controls that are failing on the IP entry are of course showing as passed on the cloud agent entry.
The other weird thing that I can't get my head around is that when I do a policy scan against both those asset IDs (IP and cloud agent entries) either using an Asset Group or an Asset Tag (and "Scan agent hosts in my target" on or off) only the IP entry shows that it was scanned.
Can anyone explain what is going on before I post about the controls and their varying findings which also seem to be dependent on whether they were scanned by IP or cloud agent.Policy Compliance & FIM