In larger enterprises, you can reduce the time and cost of setting up and maintaining locations by deploying environments with the same internal IP addresses. Use Tenable Vulnerability Management networks to disambiguate between assets that have the same IP addresses across environments and prevent those asset records from overwriting each other.
Create a network for each environment, and assign scanners and scanner groups to the network. When a scanner scans an asset, the associated network is added to the asset's attributes. You can filter assets by network or create dynamic tags based on a network. Recast rules and access groups do not support networks.
A scanner or scanner group can only belong to one network at a time.
There are two types of networks:
- Default—The network to which a scanner or scanner group belongs unless you assign it to a custom network. You can view scanners in the default network, but you cannot add or remove scanners from the default network. If you remove a scanner or scanner group from a custom network, or if you delete a custom network, Vulnerability Management returns the scanner or scanner group to the default network. Vulnerability Management automatically assigns related data to the default network when you link new scanners to your Vulnerability Management instance, create scanner groups, or import asset data, vulnerability data, exclusions, or scan results.
- Custom—A network you create.
You cannot add AWS assets to network objects. For AWS assets, use the network segmentation provided by AWS instead.
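The following added example is a simplified model of the network rules described above, not Tenable code and not part of the original page. It assumes assets are matched by IP address only, and the `Inventory` class, scanner names, hostnames, and IP address are constructed for illustration.

```python
DEFAULT = "Default"
class Inventory:
    """Simplified model of the network rules above; assets are matched by IP only."""

    def __init__(self):
        self.networks = {DEFAULT}
        self.custom = {}   # scanner -> custom network; unlisted scanners are in Default
        self.assets = {}   # (network, ip) -> asset record

    def network_of(self, scanner):
        return self.custom.get(scanner, DEFAULT)  # exactly one network per scanner

    def create_network(self, name):
        self.networks.add(name)

    def assign(self, scanner, network):
        if network == DEFAULT:
            raise ValueError("scanners cannot be added to the default network")
        if network not in self.networks:
            raise KeyError(network)
        self.custom[scanner] = network  # replaces any earlier membership

    def delete_custom_network(self, name):
        self.networks.discard(name)
        # Scanners of a deleted network fall back to Default.
        self.custom = {s: n for s, n in self.custom.items() if n != name}

    def record_scan(self, scanner, ip, hostname):
        network = self.network_of(scanner)
        # The scanner's network becomes an asset attribute and part of its identity.
        self.assets[(network, ip)] = {"ip": ip, "hostname": hostname, "network": network}

    def assets_in(self, network):
        return sorted(a["hostname"] for a in self.assets.values() if a["network"] == network)

def scan_both(inv):
    """Constructed sample: two different hosts that share one internal IP."""
    inv.assets.clear()
    inv.record_scan("scanner-a", "10.0.0.5", "db01.site-a.example")
    inv.record_scan("scanner-b", "10.0.0.5", "web01.site-b.example")
    return sorted(a["hostname"] for a in inv.assets.values())

if __name__ == "__main__":
    inv = Inventory()
    print("default network only:", scan_both(inv))
    for scanner, net in (("scanner-a", "site-a"), ("scanner-b", "site-b")):
        inv.create_network(net)
        inv.assign(scanner, net)
    print("one network per site:", scan_both(inv))
```

With both scanners in the default network, the second scan result replaces the first record; with one network per site, both hosts remain as separate assets.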
To manage networks:
- Create a custom network.
- (Optional) Create a scanner group, and add scanners to the group.
- Determine which scanners or scanner groups are available to assign to the custom network.
- Assign scanners or scanner groups from the default network to the network object you defined.
- Maintain the network as appropriate: