
Asset Discovery


Agents


Technical Preview

This section is a technical preview of a feature that is currently under development. This feature is hidden behind a feature flag.


The Agents view lists all asset identifiers that are of the Agent type.

The columns available in the Asset view are also present in the Agent view, together with columns that are specific to the Agent type, such as:

  • Agent version
  • Agent last synchronized
  • Agent retired
  • Agent id

Columns that show Agent asset data are also added to the Agent view, and these columns can be filtered on:

  • Asset IDs: a comma-separated list of the IDs of the associated Agent assets; each ID is a hyperlink to the asset in the Asset view
  • Asset names: a comma-separated list of the names of the associated Agent assets, in ascending alphabetical order


         

Logs

Selecting an agent provides a view with logs for that Agent.


Managing Agents

Right-clicking an agent opens a menu where you can add and remove tags.



Edit Tags

The Edit tags action displays a popup in which the user can link, or create and then link, tags to the Agent’s assets. In the Agent view, these tags are displayed as "This tag is inherited".


Update External Tags

The Update external tags action displays a popup, telling the user how many assets will have their tags updated. 

Removing Tags from Agents

To remove a tag from the Agent, click the X on the right-hand side of the tag.


Asset Discovery

Asset Discovery enumerates the hardware and software assets within an organization's network infrastructure. The goal of Asset Discovery is to provide a comprehensive view of an organization's IT assets to be used when setting up Vulnerability Scanning.

Asset Discovery is an essential component of network security and risk management, and is performed with the help of automated tools that scan an organization's network to provide a detailed report of all detected assets.

Docker Image Discovery

Docker Image Discovery enumerates Docker images within a registry using the provided credentials and the Docker Registry HTTP API V2.


To configure a Docker image discovery scan:

  1. Select the Docker image discovery radio button.
  2. Select the credentials from the drop-down menu.
  3. Choose a scanner from the drop-down menu.
  4. Click the ADD button to save the configuration.

Network Discovery

A Network Discovery scan identifies and lists all the hardware and software assets within an organization's network infrastructure by sending packets over multiple protocols such as ARP/ICMP/TCP/UDP. If the scanner gets anything back from the target, the target is confirmed to be alive.


To configure a Network discovery scan:

  1. Select the Network discovery radio button.
  2. Enter a Name for the configuration.
  3. Enter Targets for the configuration. These can be in the format of IPv4, IPv6, Hostname, IPv4-CIDR, IPv4-range, separated by newline.
  4. Choose a scanner from the drop-down menu.
  5. Click the ADD button to save the configuration.
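
A target list can be checked before it is pasted into the Targets field. The following is an added example, not part of the product or its documentation: it classifies each line into the formats listed in step 3 and counts the addresses covered. The function names, the sample list and the `start-end` form of an IPv4 range with a full address on both sides are assumptions.

```python
import ipaddress
import re

LABEL = r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
HOSTNAME = re.compile(rf"^(?=.{{1,253}}$){LABEL}(\.{LABEL})*$", re.IGNORECASE)

def classify(target):
    """Return (format, address_count) for one target line; raise ValueError if invalid."""
    t = target.strip()
    if "/" in t:  # only IPv4 CIDR is listed on the page, so an IPv6 prefix is rejected
        return "IPv4-CIDR", ipaddress.IPv4Network(t, strict=False).num_addresses
    if "-" in t:  # assumed range form: full start and end address
        lo, _, hi = t.partition("-")
        try:
            first, last = ipaddress.IPv4Address(lo.strip()), ipaddress.IPv4Address(hi.strip())
        except ValueError:
            pass  # not a range; may still be a hostname containing a hyphen
        else:
            if last < first:
                raise ValueError(f"range end before start: {t}")
            return "IPv4-range", int(last) - int(first) + 1
    try:
        return f"IPv{ipaddress.ip_address(t).version}", 1
    except ValueError:
        pass
    # An all-numeric last label means a malformed IPv4 address, not a hostname.
    if HOSTNAME.match(t) and not t.rsplit(".", 1)[-1].isdigit():
        return "Hostname", 1
    raise ValueError(f"unrecognised target: {t}")

def review_targets(text):
    """Split a newline-separated target list into accepted entries and errors."""
    accepted, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            accepted.append((line.strip(), *classify(line)))
        except ValueError as exc:
            errors.append((lineno, str(exc)))
    return accepted, errors

# Constructed sample input (documentation address ranges only)
SAMPLE = """192.0.2.10
2001:db8::10
scanner-01.example.com
198.51.100.0/28
192.0.2.20-192.0.2.29
192.0.2.300
2001:db8::/64"""
```

`review_targets(SAMPLE)` accepts the first five lines (29 addresses in total) and reports lines 6 and 7 as errors: a malformed IPv4 address that would otherwise pass as a hostname, and an IPv6 prefix.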


Reporting Settings - Packet filter

In the Discovery Scan Settings UI, you can deselect a specific protocol that you do not want to trigger. However, this only stops the scanner from explicitly sending requests with those protocols; it does not prevent the scanner from triggering on related traffic. As a result, you may see targets trigger on protocols that are deselected in the UI.

With the advanced report filtering option, you can perform a discovery scan but ignore traffic matching the filter by adding Berkeley Packet Filter (BPF) expressions. 

BPF Expression Syntax

Refer to https://biot.com/capstats/bpf.html [1] for syntax.

Use Cases

Sometimes, even if you do not send an Address Resolution Protocol (ARP) message, you may still get an ARP response which marks the target as alive. By setting a filter to remove the ARP messages, the scanner will not report on ARP responses.


Examples

Example 1

Scan results without packet filter.



Example 2

Scan results using the packet filter to filter out TCP RST packets “tcp[13] & 0x04 != 0”

Example 3

Scan results using the packet filter to capture TCP RST packets “not (tcp[13] & 0x04 != 0)”
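
The two expressions in Examples 2 and 3 test byte 13 of the TCP header, which holds the TCP flags; bit 0x04 is RST. The following added example (not part of the product or its documentation) evaluates both expressions in Python over constructed responses and shows which targets remain reported as alive when matching traffic is ignored. The function names and sample data are assumptions.

```python
import struct

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10  # bits of the TCP flags byte

def tcp_header(sport, dport, flags):
    """Minimal 20-byte TCP header; byte 13 carries the flags (constructed data)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)

def is_tcp_rst(proto, payload):
    """Python equivalent of the BPF expression: tcp[13] & 0x04 != 0.
    Like BPF, it is false for anything that is not TCP."""
    return proto == "tcp" and (payload[13] & RST) != 0

def not_tcp_rst(proto, payload):
    """Python equivalent of: not (tcp[13] & 0x04 != 0)."""
    return not is_tcp_rst(proto, payload)

# Constructed sample responses: (target, protocol, bytes from the transport header on)
RESPONSES = [
    ("192.0.2.10", "tcp", tcp_header(443, 40001, SYN | ACK)),
    ("192.0.2.10", "tcp", tcp_header(81, 40002, RST | ACK)),
    ("192.0.2.11", "tcp", tcp_header(443, 40003, RST | ACK)),
    ("192.0.2.12", "tcp", tcp_header(22, 40004, RST)),
    ("192.0.2.13", "icmp", bytes([0, 0, 0, 0, 0, 1, 0, 1])),  # echo reply
]

def alive_targets(responses, ignore=None):
    """Targets still reported alive once responses matching `ignore` are dropped."""
    return sorted({target for target, proto, payload in responses
                   if ignore is None or not ignore(proto, payload)})

if __name__ == "__main__":
    print("no filter:", alive_targets(RESPONSES))
    print("example 2:", alive_targets(RESPONSES, is_tcp_rst))
    print("example 3:", alive_targets(RESPONSES, not_tcp_rst))
```

With the Example 2 filter, 192.0.2.11 and 192.0.2.12 drop out because RST was their only response. With the Example 3 filter, the ICMP-only target drops out as well, because the negated expression matches every packet that is not a TCP RST.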



Additional Resources

Berkeley Packet Filter [2]

Cloud Discovery

A Cloud Discovery scan counts the instances in cloud environments (currently AWS) without using network traffic; instead, it uses the provided AWS credentials to query the AWS REST APIs.

To configure a Cloud discovery scan:

  1. Select the Cloud discovery radio button.
  2. Select the credentials from the drop-down menu.
  3. Click the ADD button to save the configuration.

Discovery Tagging

When configuring a discovery scan, it is possible to set tags that are applied to the found assets. There are two different ways the tags can be applied:

  • The tags given in Add the following tags to discovered assets are added to all discovered assets.
  • The tags given in Set the following tags to only exist on discovered assets are removed from all assets, and then added to all assets found by the discovery.


The second option removes the tag from all assets you have, so do not use it for tags that you want to use across different configurations.





Copyright

© 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.
