Discoveries
Last updated
Last updated
An overview of all network devices existing in the company is elementary. It is the basis of any measures to increase the security level. To automatically and permanently scan your network for its participants, install a Watchdog that handles asset discovery.
Keep the Watchdog software component up to date and perform updates regularly.
To perform an Asset Discovery, you need an installed Watchdog. After installation, go to the settings of the installed Watchdog.
Go to 'Watchdogs' and simply click on the corresponding watchdog.
If you wish, you can assign an alias.
To start with Asset Discovery, activate the option "Permanent monitoring". The watchdog now permanently scans the network traffic for new IP addresses and transmits its intermediate results in five minute intervals. You will therefore receive the first results in the Inventory and Asset Map after only five minutes.
Which configurations are possible in detail, you can read in the section Watchdogs.
Set the Alert "New device detected in network" to your watchdog to be informed about new participants.
The inventory collects in list form all assets detected by Asset Discovery. The overview also provides further details: Subnet, manufacturer and details of the device (if stored), which watchdog found the asset and when it was last seen.
How long assets remain in the inventory can be configured in the settings of the corresponding Watchdog. There you will also find an option to delete all assets of a watchdog from the inventory ("Active inventory cleanup").
With the searchbar you can search and filter the inventory.
Click on an asset to add more information to the inventory. Several fields are available for this purpose: Categorize your assets, assign an alias and appropriate tags, assign responsibilities, and store the location.
Once you have reviewed the asset and documented it accordingly, you can mark the asset as "reviewed". This means that you have taken care of the asset. A green icon then appears in front of the asset in the inventory.
You can use the button to the right of the IP address to switch to the Asset Map so that you can see where the asset is located.
You can also set up a ping and port check of assets directly from the inventory. Learn more about the possibilities of agentless monitoring at Observations.
The asset map provides a graphical representation of the results of the asset discovery. The assets are grouped by subnets and/or Watchdogs.
Click on the assets for more information.
Have reports output to PDF. Just click on 'Create Report' and you will get a PDF overview of all assets in the inventory.
You get an overview of all installed Watchdogs. The list shows the version of the watchdog, the scanable network area, the IPS and the status.
Keep the Watchdog software component up to date and perform updates regularly.
To add a watchdog just press the button Add Watchdog and execute the source code with root rights on a linux powered server or computer.
The host on which the watchdog is installed must be able to communicate with the systems to be monitored. If necessary, check your firewall settings and set the watchdog to an IDS whitelist.
To configure your watchdog simply click on it.
Give your Watchdog a name of your choice - an alias. So you keep a better overview of your watchdogs.
Activate Permanent monitoring to start Asset Discovery. Subsequently, the Watchdog permanently scans the network traffic for new IP addresses and transmits its interim results in 5-minute intervals.
To detect all assets, Watchdog starts an active network scan at regular intervals. With an active network scan (pings, port scans, etc.) the Watchdog provokes network connections and finds IP addresses that have not generated network traffic on their own. Define how often an active network scan should be performed. The more often you let it run, the faster all new assets are found. However, frequently performed active scans also put a strain on your network. By default we set an interval of 60 minutes.
How long assets detected by the watchdog remain in the inventory is entirely up to you. You can save the assets permanently or perform an Active inventory cleanup. This means that you can set a number of days after which the entries are deleted from the inventory if an asset was no longer accessible during this time. If you want to delete all inventory entries of a watchdog, you can use the option "Inventory clean up" (top right).
Under Networks you can configure subnets that should be monitored by the Watchdog. These options are relevant for you if you have segmented your network and want to perform asset discovery across the segments.
To do this, enter the Classless Inter-Domain Routing (CIDR) of the individual subnets. Assign a name and description and a color. The selected color of the respective subnet is used in the Asset Map.
If the subnet is a Virtual Local Area Network (VLAN), please specify this. The watchdog will then adjust the scan operations accordingly so that you get correct results even with VLANs.
The Enginsight Watchdog is continuously updated by us. In order for all (new) functions to work as desired, it is necessary that you always keep the watchdog up to date.
Go to Discoveries → Watchdog and check if all version numbers are up to date. A warning will be given to you if an outdated version is installed.
If an Watchdog does not have the current version number, click the Update button in the right column at Actions.
The current version number can always be found here.
To check the current logs of the Hacktor software component, you have two options.
Click the 'Logs' button at Discoveries → Watchdogs.
After clicking the Logs button, the current logs will be pulled. The transfer is limited to 2MB.
How far back the logs go also depends on the configuration and the load of the server.
If you have access to the Watchdog server, you can also read out the current logs directly. The best way is to save the logs into a .txt-file.
Use the commands below to do this. Adjust the file name before you do this.
Debian:
CentOS:
How far back in time the logs go depends on the configuration and load of the server.
In addition to asset discovery, you can also use the watchdog for our agentless monitoring (pin/port checks, SNMP). You can find all information on this under Observations.