How to Set Up a Network Device Discovery Scan
This lesson will explain how to set up a scan job to scan your environment for network devices. The lesson assumes that you have already installed your PAD, set up your IP Ranges, and set up your Credentials. See the previous lessons in this chapter if you have not done so.
Asset Vision® uses an agentless method of scanning. Agentless scanning has the profound benefit of being non-disruptive to the configuration of your target systems. The method we use to perform discovery is based on the creation of scanning jobs that run according to a particular schedule. The scan jobs implement the various discovery techniques built into Asset Vision®.
1. Create a New Device Discovery Scan Job
Navigate to: Setup > Discovery Setup > Scan Jobs > Manage. This data view displays all of the currently existing scan jobs.
- Click New at the bottom of the page to launch the Job Category selection window.
- Click Network Devices.
- Choose Discoverable Devices from the drop down menu to set up a scan job that will discover and inventory devices on the network.
- Click OK.
This will launch the Create Devices Scan Job wizard. Your progress in the wizard is indicated at the top of the main window. Navigate the wizard with the Next and Back buttons at the bottom of the page. You may also click any previously visited node at the top in the progress bar to jump back more than one section.
2. Select Scan Types
- Check the box of each Scan Type to include in the scan job. It is a good idea to set up scan jobs according to what IP range you want to scan. For instance, if you set up an IP Range that includes Windows machines or Virtual Servers, you can set up scan jobs accordingly. These are the scans Asset Vision supports:
- Scan Windows devices: scan Windows-based operating system devices. Uses WMI to collect hardware and software inventory, and collects generic service information such as Biztalk and Project Server services.
- Scan Unix devices: scan Unix-based operating system devices for hardware and software inventory.
- Scan Telnet Thin Client devices: scan for Thin Client devices via the telnet protocol.
- Scan macOS devices: scan Apple macOS devices for hardware and software inventory.
- Scan Hypervisor devices (ESX, Hyper-V, KVM and HMC): scan virtual environments, virtual to physical mapping, and detect Hyper-V installations.
- Scan other network-enabled devices: scan other devices such as printers, routers, and VOIP Phones connected to the network.
- Click Next.
3. Configuration
View and update all default Configuration settings for the selected scan types. Any secondary options will be displayed for selected scan types such as Windows OS System Patches and Digital Product IDs.
- Scan Type - Full / Incremental scan: A Full Scan will simply scan all machines in the range, regardless of whether we have already scanned the machine. An Incremental scan (default setting) will only scan machines where the last successful scan date/time is older than the number of days specified for the Maximum Scan Age setting. This option can be used to keep the information in Asset Vision current without running complete scans too often. Note: Because IP address allocation can be dynamic, incremental scans convert IP addresses into FQDN host names. This helps minimize IP address/device misalignment in Asset Vision when an IP address that has already been scanned is now assigned to a different device.
- Discovery Probe - NMAP / ICMP Ping: In most cases the default options are best; however, certain organizations actively prevent the use of Nmap for discovery. Nmap is our default, basic device scanning option, as it enables us to shift to upper layer discovery protocols more quickly, but ICMP Ping can be used if required.
- Maximum Scan Age: Length of time, in days, during which the probe will skip scanning a previously discovered IP address, in an effort to decrease the amount of redundant network traffic within a given scan period. Best practice is to configure this setting to match, or be close to, the DHCP lease time specified within the organization. Only applicable to the Incremental Scan Type selection.
- IP's per launch: Defines the number of IP addresses that are taken from the IP Range at one time and given to the Primary probe (NMAP or ICMP/Ping). This feature allows the Primary Probe to process IP numbers in parallel. A practical limit is 100, but a setting this high increases the memory and CPU usage on the PAD machine. The default is 10, which is a good compromise between performance and resource usage.
- Windows Settings: (Available only when Scan Windows devices was selected in the Scan Types section)
- OS System Patches: scan to allow Asset Vision® to perform its vulnerability analysis.
- Digital Product IDs (DPIDs): gather Microsoft Digital Product ID data where available. Especially important for calculating licenseable inventory.
- IBM Software: Searches specific device directories for installed IBM Software, including DB2, WebSphere Application Server, etc. installed on Windows, Linux and AIX platforms.
- Directories to search for IBM Software: Comma-separated list of directories where IBM-related software search is performed.
- IBM ILMT Acknowledgment: Enable check for IBM ILMT Signatures.
- Unix Settings: (Available only when Scan Unix devices was selected in the Scan Types section)
- Directories to search for IBM Software: Comma-separated list of directories where IBM-related software search is performed.
- IBM ILMT Acknowledgment: Enable check for IBM ILMT Signatures.
- NMap Settings:
- Exclude Devices from a scan where 'reset' is the only response: When checked, the Device Discovery job will ignore NMap TCP packet responses of "reset" (RST) instead of creating a device record.
- Click Next.
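A model of how the Incremental scan type, Maximum Scan Age, FQDN matching and IP's per launch settings described above combine, given as an added example and not Asset Vision® code. The function names, the dict-based resolver and scan history, the sample addresses, the 7-day age, and the choice to treat unresolvable addresses as due for scanning are all assumptions made for illustration.

```python
from datetime import datetime, timedelta
from ipaddress import ip_network


def due_for_scan(ip, resolve, last_scan, now, max_age_days, full=False):
    """Return True if this IP should be handed to the discovery probe."""
    if full:
        return True                    # Full scan: every address, every run
    fqdn = resolve.get(ip)             # incremental: history is keyed by FQDN
    if fqdn is None:
        return True                    # assumption: unresolved addresses are scanned
    scanned = last_scan.get(fqdn)
    if scanned is None:
        return True                    # this host name has never been scanned
    return now - scanned > timedelta(days=max_age_days)


def plan_batches(cidr, resolve, last_scan, now, max_age_days=7,
                 ips_per_launch=10, full=False):
    """Split the due addresses into groups of 'IP's per launch' size."""
    due = [str(ip) for ip in ip_network(cidr).hosts()
           if due_for_scan(str(ip), resolve, last_scan, now, max_age_days, full)]
    return [due[i:i + ips_per_launch]
            for i in range(0, len(due), ips_per_launch)]


# Constructed sample data (not from a real environment).
NOW = datetime(2024, 6, 10, 12, 0)
RESOLVE = {
    "10.0.0.1": "gw.example.test",
    "10.0.0.2": "laptop-b.example.test",   # DHCP gave laptop-a's old address away
    "10.0.0.3": "printer.example.test",
}
LAST_SCAN = {
    "gw.example.test": NOW - timedelta(days=2),        # fresh: skipped
    "laptop-a.example.test": NOW - timedelta(days=1),  # fresh, but on another IP now
    "printer.example.test": NOW - timedelta(days=9),   # older than 7 days: rescanned
}

if __name__ == "__main__":
    for batch in plan_batches("10.0.0.0/29", RESOLVE, LAST_SCAN, NOW,
                              ips_per_launch=2):
        print(batch)
```

Keying the history by host name is what makes 10.0.0.2 due again: the address was scanned a day ago, but for a different device.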
4. Select PAD
Select a PAD from the drop-down list of existing PADs. Click Next to continue.
5. Location
Select a desired pre-defined IP Range Set:
- Click the Add (plus sign) button. This will bring up the IP Range Set dialog that contains IP Range Sets previously defined in other scan jobs or created manually via the IP Ranges UI.
- Check the IP Ranges to be included in the Scan Job.
At this point, you may also create a new Range Set by clicking New. This will open the IP Range Sets dialog that will allow you to define the new Range Set. For more information on this dialog, see the Create a New IP Range lesson.
- Click the Remove (minus sign) button to remove any unwanted IP Range Sets from the Scan Job.
- Click Next.
6. Select Credentials
Add the Credentials that grant the rights needed to scan successfully with the desired probes:
- Mark the Select credentials to be used for current scan: check box to use only the specified credentials for the current Scan Job.
To use any available, pre-defined credentials, leave this box unchecked. The Scan Job will go through each available credential until the scan is successful.
- For any given credential type, click the Add (plus sign) button.
- In the Credential User Name dialog, select the credential or credentials required for the Scan Job. These credentials must have sufficient rights on the endpoints for them to be scanned successfully.
At this point, you may also create a new Credential by clicking New. This will begin the Create a New Credential process.
- Click the Remove (minus sign) button to remove any unwanted Credentials.
7. Configure the Schedule
- Select the desired Scan Window, or leave as Default if you would like for the scans to run at any time. For more information see Setting up a Scan Window.
- Pick the desired Schedule Type for the scan job.
- Daily Schedule: Scan occurs every N days beginning at a specified time.
- Weekly Schedule: Scan occurs on specified day(s) during the week (Monday, Wednesday, Friday, etc), beginning at a specified time.
- Monthly Schedule: Scan occurs on a specified day of the month (Calendar day, or First Wednesday, Second Tuesday, etc.), repeating every N months, beginning at a specified time.
- Repeating Schedule: Scan occurs continually throughout the defined Scan Window. A Repeating Schedule considers Scan Window Stop times a Pause instead of a Stop, and the scan continues at the next defined Start time. A Repeating Scan can only be stopped manually, and will stay stopped until it is restarted manually.
- None: Default. Leave blank to create a Scan Job that will not be scheduled, and will not run until initiated manually.
- Check Enabled if you want to enable the scan job to run as scheduled once you save and finish the wizard. This option is helpful if you need to temporarily disable a scan job for any reason, but want to keep the settings.
- Select the Time Zone and Time. Note that the time zone will be saved in GMT/UTC time.
- Configure remaining options specific to the schedule type (Day of week:, Run on:, Repeat every:, etc.)
- Click Next.
8. Review Configuration
- Provide a Name for the Scan Job.
- Review the Scan Job configuration summary. Click Back to modify any of the specified configurations.
- Click Save and Run to save the scan job and initiate it immediately, or Save and Finish to save the scan job and let it run at the scheduled time.