The AlienApp for Tenable.io features powerful vulnerability assessment capabilities that can be paired with USM Anywhere for extended security management. When you configure the app in USM Anywhere, you have the option to allow Tenable.IO Vulnerability Management to create assets that are discovered in scans, as well as merge the asset information provided from the Tenable.IO scan with the existing asset information in USM Anywhere.
Asset Creation from AlienApp for Tenable.io
When Tenable.IO runs a scan, it identifies all assets in the scan and assigns them an individual identifier (ID). These assets can be added to USM Anywhere by selecting the Allow Creation of New Assets checkbox in app's configuration menu. Assets created from a Tenable.IO scan will include the information ported from Tenable.IO in the USM Anywhere asset details.
Duplicate Asset Merge
Assets discovered in Tenable.IO scans may duplicate the assets already discovered in USM Anywhere. When you select the Allow Merging of Existing Assets checkbox in the Tenable.IO configuration menu, USM Anywhere will merge the information from the Tenable.IO scan with the existing asset. Assets are matched by comparing the variable IDs, IP address, and hostname from the Tenable.IO scan with the same asset details in USM Anywhere.
Manual Asset Merge
If the Merge Duplicate Assets checkbox in the Tenable.IO configuration menu isn't checked, USM Anywhere will keep a record of the assets that match one another. These assets are contained in the Merge Asset tab in the AlienApp for Tenable.io page.
To review these duplicate assets, click the Merge Asset tab and click Review next to the asset in the list. From here, you can respond to the asset discrepancy with one of the following actions:
- Reject: Cancel the match without creating a new asset or merging it with an existing asset, effectively ignoring the new asset discovered in the Tenable.IO scan.
- Create New Asset: Create an asset in USM Anywhere based on the information from the Tenable.IO scan.
- Merge: Merge the information from the Tenable.IO scan with the matching asset details in USM Anywhere.
- Manually Match: Choose the matching asset manually.
Once you have selected a response to the asset review, the status of your choice is reflected in the table of assets in the Merge Asset tab.
A USM Anywhere asset that has been merged with a Tenable.IO profile can be split back into two separate assets after they have been merged.
To split a merged asset
- Go to Environment > Assets.
Locate the asset you want to split and click the button next to the asset, and then click Full Details.
In the full asset view window, click Split Asset in the Asset Discovery section.
A window opens showing the existing asset and the new asset that will be created once the two are split.
- Click Split Asset to undo the asset merge and create a separate, new asset.