The first step to great vulnerability risk remediation is knowing what assets are actually in your environment, and seeing as much relevant information about these assets as possible. To achieve this, after Vulcan ingests data from the different connectors in your environment, the platform sets about correlating and de-duplicating these assets. 

Because each environment is different and each tool, be it Vulnerability Assessment scanner, CMDB or Asset inventory, is configured differently, Vulcan allows you to configure how this de-duplication occurs.

If you would like to change your configuration, please contact Vulcan support or your Customer Success Manager. They will be happy to help you choose and implement the best configuration for your environment.

Configuring the correlation

To decide on the best configuration for you environment, ask yourself the following question:

What is the unique identifier or unique combination of identifiers for assets in my environment?

Vulcan supports the following identifiers:

  1. Cloud InstanceID

  2. MAC address

  3. IP

  4. Hostname, or asset name

  5. FQDN

  6. OS

  7. OS version

An easy example would be an environment where each host is assigned a descriptive, unique name. In that case the unique identifier would be Hostname.

A more complex example would be an ephemeral environment where IP addresses and hostnames are frequently reused, where in that case a combination of both IP address and hostname would be a more suitable identifier.
In this example the following 2 assets would not be correlated, but result in 2 distinct assets:

  • Hostname: MyAsset1, IP: 192.168.1.100

  • Hostname: MyAsset1, IP: 192.168.1.101

And neither will these 2:

  • Hostname: MyAsset1, IP: 192.168.1.100

  • Hostname: MyAsset2, IP: 192.168.1.100

Only an exact match on 2 fields will correlate.

Advanced configuration - Correlating on either of 2 identifiers

In some cases, where a single unique identifier or a unique combination can't be established for all assets, it will be necessary to correlate on one of multiple identifiers. This is supported with the same list of identifiers mentioned above.

Did this answer your question?