Duplicate hosts and how to remedy

Hi all,

I need some insight from the hive mind regarding duplicate hosts / vhosts records and a possible way to remedy the situation. :beetle:

I’m currently running multiple scans on a weekly basis and week after week I find duplicate host entries in my asset list which I manually have to clean up. I also experimented with the expand_vhosts option but the outcome stays the same.

Is there a way to guarantee that every IP that is scanned results in only one hosts entry?

Cheers
David

To understand your issue better, I think you need to clarify the configuration of the infrastructure you are scanning.


I’ll try, but maybe you could be a bit more specific about what kind of information you need exactly?

I’m currently running the Greenbone Community Edition from the official Docker compose file in a dedicated subnet and scanning multiple targets (i.e. other subnets) with a variety of systems and services: Windows and Linux servers, network infrastructure etc.

Sure, to start with, is this happening for all the hosts that you scan or just some or one? Which one(s)? What are those hosts configured to do / what services are running on them?

Thanks for specifying!

I’m not seeing this behaviour for all hosts, maybe 3% of the total amount. The environment I’m scanning is very diverse, and I’m not in charge of most of these hosts, so I don’t really know what services they are running most of the time.

Are there services prone to “generating” these duplicate hosts?

I’m under the impression that a change to one of the host identifiers results in a new asset object being created. Is there a way to prevent this? Maybe an SSH key changes due to hardening or the hostname changes from upper to lower case.

I’d like one object per IP address, regardless of identifiers.

So, my input from the “hive mind” is perhaps about your perspective on what a “host” is. You seem to equate it with an asset. However, is this what Greenbone intends to consider the same thing?

Take for example a simple cPanel or Apache web server. This may be considered a single asset, but the term “V-host” (Virtual Host) implies multiple hosts. Is Greenbone taking this perspective? Do these 3% of systems that result in multiple hosts being created share some similarity? Are all the details of each host completely identical, or do they have different metadata collected from the scan, such as SSL/TLS certificates, hostnames, FQDN, etc.?

Anyway, it’s a bit late here, just offering my first-take perspective on this. :slight_smile:

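An added example, not part of any post in this thread and not Greenbone code: one way to check which identifier differs between asset entries that share an IP, which is the question raised in the last two posts. The record layout, field names (`id`, `ip`, `hostname`, `ssh_key`) and sample values are constructed assumptions, not Greenbone's export format.

```python
from collections import defaultdict

# Constructed sample records (assumed layout, not Greenbone's export format):
# one dict per host asset entry, carrying the identifiers named in the thread.
ASSETS = [
    {"id": "a1", "ip": "10.0.1.5", "hostname": "FILESRV01", "ssh_key": "key-A"},
    {"id": "a2", "ip": "10.0.1.5", "hostname": "filesrv01", "ssh_key": "key-A"},
    {"id": "b1", "ip": "10.0.2.9", "hostname": "web01", "ssh_key": "key-B"},
    {"id": "b2", "ip": "10.0.2.9", "hostname": "web01", "ssh_key": "key-C"},
    {"id": "c1", "ip": "10.0.3.7", "hostname": "shop.example", "ssh_key": None},
    {"id": "c2", "ip": "10.0.3.7", "hostname": "blog.example", "ssh_key": None},
    {"id": "d1", "ip": "10.0.4.2", "hostname": "db01", "ssh_key": "key-D"},
]


def classify(values, fold_case=False):
    """Describe how one identifier varies across entries sharing an IP."""
    distinct = {v for v in values if v is not None}
    if len(distinct) <= 1:
        return "same"
    # Hostnames are case-insensitive; key material is not, so only fold on request.
    if fold_case and len({v.lower() for v in distinct}) == 1:
        return "case-only"
    return "differs"


def duplicate_report(assets):
    """Map each IP with more than one entry to a per-identifier verdict."""
    by_ip = defaultdict(list)
    for asset in assets:
        by_ip[asset["ip"]].append(asset)
    report = {}
    for ip, entries in by_ip.items():
        if len(entries) < 2:
            continue  # a single entry per IP is the desired state
        report[ip] = {
            "entries": sorted(e["id"] for e in entries),
            "hostname": classify([e.get("hostname") for e in entries], fold_case=True),
            "ssh_key": classify([e.get("ssh_key") for e in entries]),
        }
    return report


if __name__ == "__main__":
    for ip, verdict in sorted(duplicate_report(ASSETS).items()):
        print(ip, verdict)
```

In the sample, the first IP shows a case-only hostname change, the second a changed SSH key, and the third two distinct hostnames on one address, as a virtual-host setup would produce.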