By default, the Cisco Vulnerability Management platform only shows Assets with at least one open risk associated vulnerability. There are three different reasons why assets are not immediately visible in the UX.
1. Assets without risk-associated vulnerabilities
Many scanners report assets that have either no results, or only have informational/non-risk associated findings. These findings can include warnings about self-signed certificates, notifications of open ports, expiring X509 certificates, upgraded TLS needed (1.1 to 1.2), and more. Assets without vulnerabilities will not show in Cisco Vulnerability Management by default. The platform would rather show you the information critical to reducing risk than showing assets that need no action. Assets with Informationals (scored 0 by default) will show up in the UX, but can be excluded via a simple search term.
2. Inactive assets and non-open vulnerabilities
By default, Cisco Vulnerability Management will only display Active assets that have open vulnerabilities. This means that in the default view, you are not looking at inactive assets, or assets with only closed, risk accepted, or false positive vulnerabilities.
If you wish to see all of your assets within the platform, you will need to select three checkboxes under the Asset and Vulnerability Filters in Explore.
First, we want to check the “All” status under Asset Filters for Inactive vs Active assets. This will show all assets that have at least one open vulnerability.
Second, we want to select the “All” status under the vulnerability filters “Status” to include not only Open vulnerabilities, but also any Risk Accepted, False Positive, or Closed vulnerabilities.
Third, in order to include all assets, we will need to toggle one final checkbox. Underneath the “Asset Filters” the last option is called “Additional Filters”. Open this dropdown, and check “Include all Assets”.
Once finished, your filters should have the three boxes checked.
If you would like to understand how to see the number of licenses you are using against your purchased license count, please visit the page here.
3. Assets outside of the Asset Purge Period
Once an Asset has gone inactive and falls outside of the Asset Purge Period, it will be deleted from your Cisco Vulnerability Management account. In addition, connector runs will not import assets which fall outside of the Asset Purge Period.