AnsweredAssumed Answered

Agentless tracking, tracking types and duplicate host assets

Question asked by Hywel Mallett on Aug 17, 2015
Latest reply on Apr 24, 2018 by Martin Walker
Branched to a new discussion

Am I the only person who is a little confused about the correlation between agentless tracking and the tracking type?


If we ignore the agentless tracking option for now, and consider only the host asset tracking type:

  • If we add a new host asset as IP tracked, then we later scan it when it has a different IP address (because of DHCP), we will then have two (duplicate) host assets in our database.
  • If we add a new host asset as DNS tracked or NetBIOS tracked, then when we later scan it when it has a different IP address, as long as the DNS name or NetBIOS name matches, there will be a single host asset in our database.

Is this correct?


If we enable agents tracking, we have a host ID on each host that we can set/get with authenticated scans. How does this interact with the tracking method? E.g. if we do a scan, then the IP address of the machine changes, when we scan again, if the asset is set to IP tracked, we still get a duplicate host asset in the database. So the question is then, what is the point of the agentless tracking?


In a test case, where a machine has multiple IP addresses (such as laptops which are connected to the same subnet by both wired and wireless connections), we also get duplicate host assets. As a result we're ending up with lots of duplicate assets.


What's the solution? (Other than the cloud agent)