
Configuring Entity Reconciliation Rules

Short Summary: This article will detail how RiskVision's internal Entity reconciliation rules can be configured.

Full Detail: RiskVision allows organizations to import data related to entities from a variety of sources. Since multiple platforms (e.g., vulnerability scanners, configuration management solutions, CMDBs, etc.) can identify entities in different ways, RiskVision provides a mechanism for ensuring that information can be reconciled correctly for a given entity. Without this, vulnerability data may not be mapped correctly to an entity created by a CMDB connector. In addition, these reconciliation rules minimize the likelihood that a duplicate entity will be created.

The AssetIdentification.xml file (located in server\Tomcat\webapps\spc\WEB-INF\classes) provides the logic RiskVision uses to accomplish these goals. The structure of the file is (using the Account entity type as an example):

    <AssetIdentificationExpressions>
      <AssetIdentificationExpression assettype="Account">
        <Any>
          <Attribute>objectGuid</Attribute>
          <Attribute>distinguishedName</Attribute>
          <All>
            <Attribute>name</Attribute>
            <Attribute>domainName</Attribute>
          </All>
        </Any>
      </AssetIdentificationExpression>
    </AssetIdentificationExpressions>

In this example, all Attribute elements within <All> tags must be provided, and Attribute elements within <Any> tags are combined with an OR condition.

As a result, an Account entity is deemed unique if an objectGuid attribute is provided OR a distinguishedName attribute is provided OR a name is provided, as long as a domainName is also provided. Rather than editing this file, make a copy of it in the c:\server\config directory, keeping only the affected entity types in the config directory version. Once the copy is in place, an administrator can reload the configuration through the administration page.
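The Any/All logic described above can be checked offline before an override is placed in the config directory. The following is an added example, not RiskVision code: the function names and sample records are constructed for illustration, and the rule that two records reconcile when they share equal values on one identifying attribute set is an assumption about the matching semantics.

```python
import xml.etree.ElementTree as ET
from itertools import product

# The Account expression from the article, embedded so the example runs offline.
RULES_XML = """<AssetIdentificationExpressions>
  <AssetIdentificationExpression assettype="Account">
    <Any>
      <Attribute>objectGuid</Attribute>
      <Attribute>distinguishedName</Attribute>
      <All>
        <Attribute>name</Attribute>
        <Attribute>domainName</Attribute>
      </All>
    </Any>
  </AssetIdentificationExpression>
</AssetIdentificationExpressions>"""

def alternatives(node):
    """Flatten an Any/All tree into a list of attribute sets (an OR of ANDs)."""
    if node.tag == "Attribute":
        return [frozenset([node.text.strip()])]
    child_alts = [alternatives(child) for child in node]
    if node.tag == "Any":   # OR: any one child alternative identifies the entity
        return [alt for alts in child_alts for alt in alts]
    if node.tag == "All":   # AND: combine one alternative from every child
        return [frozenset().union(*combo) for combo in product(*child_alts)]
    raise ValueError(f"unexpected element <{node.tag}>")

def load_rules(xml_text):
    """Map each assettype to its list of identifying attribute sets."""
    root = ET.fromstring(xml_text)
    return {e.get("assettype"): alternatives(e[0])
            for e in root.iter("AssetIdentificationExpression")}

def identity_keys(record, rule):
    """Keys a record can match on; empty or missing attributes do not count."""
    return {tuple(sorted((a, record[a]) for a in attrs))
            for attrs in rule if all(record.get(a) for a in attrs)}

def same_entity(a, b, rule):
    """ASSUMED semantics: records reconcile when they share one identity key."""
    return bool(identity_keys(a, rule) & identity_keys(b, rule))

# Constructed sample records, e.g. one from a CMDB connector and two from a scanner.
CMDB = {"name": "jsmith", "domainName": "CORP",
        "distinguishedName": "CN=jsmith,OU=Users,DC=corp,DC=example"}
SCANNER = {"name": "jsmith", "domainName": "CORP"}
NAME_ONLY = {"name": "jsmith", "domainName": ""}
ACCOUNT_RULE = load_rules(RULES_XML)["Account"]
```

Here `same_entity(CMDB, SCANNER, ACCOUNT_RULE)` is true through the name plus domainName pair, while `NAME_ONLY` yields no identity key at all because a name without a domainName does not satisfy the `<All>` group.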
