I have a client, call him Digby Widgetts. Digby Widgetts has a Widgett factory in Bolivia and when the Nessus Secruity Center (the latest version with all scanners up to date)) in San Francisco does a vulnerability scan it discovers say 6000 IPs which is way more than physically exists in Bolivia and it exceeds the licensing of Security Center so all the scans get blocked. The team in San Francisco needs to find out why so many more IPs are being scanned than really exist as physical devices. One theory is that many of the devices have multiple IP address assigned to them so are actually being scanned twice or more. The staff in Bolivia has neither the staff, time nor inclination to inventory all the hosts in their data center and desktops for IP addresses and San Francisco does not have visibility into Bolivia except thru Nessus Security Center. Mosts of the devices are Windows desktops (say Win7), Windows Servers (2k 2008,2012 etc, mostly as VMs) and ESX servers.. Only a handful of Linux devices and Network gear so they won't contribute much to the total.
Does any one know of a plugin or strategy for Nessus I can use to determine the actual devices and what IPs they listen too so I can set the scanner to only scan one IP per device?
Thanks in advance.