To identify the IPs counting towards the license:
1. Log in as a non-admin user with access to all repositories and all available ranges.
2. Go to Analysis > Vulnerabilities.
3. Edit filters and set:
- Analysis Tool = IP Summary
- Click select filters, and add this filter: Plugin ID != 3,12,10180,10287,10335,11219,11933,11936,12053,14272,14274,19506,22964,33812,33813,34220,34277,54615,800000-8
- If applicable: Target Filters > Repositories: Use CTRL+Click to exclude any remote/offline repositories from
other licensed SecurityCenter installations.
4. Click More in the upper right and click Export as CSV.
5. Calculate the unique IPs, using Excel.
I. Open vulns.csv in Excel.
II. Click "A" at top of the IP Address column to select the entire column.
III. Go to Data tab of Excel ribbon and click Remove Duplicates.
IV. You will be warned that there is data next to the selection. You do NOT want to include other columns. Select "Continue with the current selection" and click "Remove Duplicates...".
V. Click OK.
VI. Excel will tell you how many unique values remain; this total includes the header, so subtract 1 from the result for the unique IP count.
If the number of unique IPs matches the number of Total Active IPs at System > Configuration > License, then you have successfully generated a list of the IPs counting towards your SecurityCenter license.
If the number of unique IPs does NOT match the number of Total Active IPs, then there is data in one or more of your repositories that you cannot see in Analysis > Vulnerabilities view. This is usually due to PVS monitored ranges being larger than the repository that's importing the PVS data. You can change the repo range to 0.0.0.0/0 to see any "invisible" IPs that may be counting against you.
Followed the steps, and the numbers don't match...what I have in the CSV is more than double my current license count. So I don't know what on this list is not actually counted. I follow the process, but clearly I'm not eliminating everything that should not be counted. (CSV has 4061 IPs), but my Center reports 2002 IPs. Also, the exact PluginID list above doesn't parse (the last entry gives a range error). Should it be 800000-800008 or something else? Thanks for the quick reply BTW...
You an use 800000-800008 as well, or remove it entirely if you don't have custom plugins.
The Analysis view in SecurityCenter should also have a search total in the upper right, and that may be more accurate for your IP count. If it's still showing over 4K IPs then something else may be causing duplicates to show up in that view when it shouldn't. I suggest reaching out to support at that point, as they can go over what's counting against your license in more detail.