Currently this feature is in Beta. If you would like to test this feature, please contact your Customer Success team.
Last Updated: 7/1/2024
Overview
NopSec aggregates your data through integrations with your specific tech stack. For each integration all of its data is brought into the system as part of a Target. A Target is any resource that is being scanned or tracked by one of your integrations. If you have multiple integrations scanning or tracking the same resources then you may have Targets that are the same resource, ie. duplicate targets.
NopSec will leverage its AI to attempt to correlate targets and identify relationships between targets.
The first set of relationships are Same Scanner Duplicates and Different Scanner Duplicates relationships. This effectively identifies duplicates allowing you to reduce your targets into what we will call Assets.
In the future we will release other relationship types which will further provide abstraction to things like Applications/Products and highlight all resources related to that type.
Duplicates and Correlation
NopSec will attempt to identify relationships between Targets by attempting to identify similarities across Target Metadata. The closer the similarity the more likely they are duplicates. This works across both Same Scanner duplicates and Different Scanner Duplicates.
Same Scanner Duplicate
A Same Scanner Duplicate is when one integration, for instance your Qualys Scanner is not configured to identify duplicates and it creates two Qualys Assets and returns two Qualys assets to NopSec. From Qualys' perspective there are two Assets. Maybe one asset is being scanned with an Agent and Credentials and the other is not. In the end you may look at those two Assets and determine they are the same device.
In this case, NopSec attempts to identify the duplicates within a specific integration and create an Asset.
Different Scanner Duplicate
A Different Scanner Duplicate is when you may have two integrations scanning the same resources. Maybe you do this to validate the scanner data for instance. In this situation, each scanner may have different capabilities and insights into a specific resource and may return different metadata. By Default, NopSec will treat them as two unique Targets, however, with relationships enabled it will attempt to identify similarities between the two targets even though they are across different scanners.
In this case, two targets are associated and an Asset is now visible.
Duplicate Primaries ie. Relationship Primary Ancestor
Relationships within NopSec are relationship graphs, for example, think of it as this:
- A is related to B
- B is related to C
- A -> B -> C
Each relationship is a relationship between two targets.
Relationships must be configured by specifying which Integration is considered to be a primary source, meaning, you believe this source to be closer to your source of truth. In the example above, let's add some context:
- A is scanned by Qualys
- B is scanned by Tenable
- You believe Qualys to be closer to your source of truth so you configure the Primary to be Qualys
When a relationship is created, the primary source's target is considered the primary source for the Asset metadata. This means that when you view an Asset you are viewing the data for the primary target.
As a target has multiple relationships, NopSec will consider the primary as the "ancestor" or the highest primary target as the primary source for the Asset metadata.
Assets
For now, Assets are any Targets without any relationships or the primary source Target in a relationship.
For example:
- Target A has no relationships
- Target B (primary) is related to Target C
- You would have 3 Targets and 2 Assets
- Target A
- Target B
Each relationship will have an Asset ID which is the primary Target's target ID. Example using the above example:
- Target A ID = 001
- Target B ID = 002
- Target C ID = 003
- Asset A ID = 001
- Asset B ID = 002
Configuring Relationships
You must reach out to your Customer Success team to enable the Beta release of Relationships. Once provisioned to your client, you will be able to configure relationships.
Enabling
- Go to Settings
- Click on Relationships Beta
- Click on the Enable Relationship Slider so that it is green
- Click Save
Disabling
- Go to Settings
- Click on Relationships Beta
- Click on the Enable Relationship Slider so that it is grey (off/disabled).
- Click Save
Reset Relationships
This clears all relationships and restores the system back to before enabling relationships. This is helpful if you believe you may have approved too many items incorrectly or just want to restart.
- Go to Settings
- Click on Relationships Beta
- Click on the Reset Approved Relationships button
- Click Confirm
Configuring Primary Mappings
Each mapping tells the system which integration source to treat as the primary source.
- Click on Relationships (Beta)
- Configure one or more Mappings by clicking on + Add Mapping button
- Ex. If you have Qualys and Tenable, create a mapping for Qualys as the primary and Tenable as the secondary
- Click on Create Mapping Rule
- Select Primary dropdown and select Integration Source
- Select Secondary dropdown and select Integration Source
- Click Save
Configuring Auto Approvals
By Default all relationships will have to be manually approved, but you can configure the system to auto approve items based on a specific range of similarity scores.
- Click on Relationships (Beta)
- Find the Mapping you would like to configure
- Enable Auto Relationship Approvals so that the slider is green.
- Set the Maximum number.
- Set the minimum number.
- Note: We provide a useful utility to see what NopSec recommends setting this value, by clicking on the View Recommendation button. This takes at least 24-48 hours to populate data to determine your best use case.