Creating Assets from a Vulnerability Scan Report for Dynamic Zones
For assets in dynamic zones, assets are identified by IP address and host name and/or MAC address. Asset identifiers are looked up in the following order in a dynamic zone is:
MAC address > host name > IP address
By default, assets are not created in a dynamic zone if there is no host name present. The property set by default is:
scanner-event.dynamiczone.asset.nonidentifiable.create=false
Also by default, previous assets with similar information are discarded. This ensures that the network model is kept up to date with devices that are actively reporting events. The default property is set like this:
scanner-event.dynamiczone.asset.ipconflict.preserve=false
You can configure the system to create an asset if the asset has either an IP address or a host name, or to preserve previous assets with similar information by customizing settings in server.properties
.
If you want to change the default behavior, refer to the ESM Administrator's Guide. Under the "Configuration Tasks" section, see the topic, "Asset Auto-Creation from Scanners in Dynamic Zones."