Discovering devices on your network
To discover devices, you can scan your network by creating a Discovery Schedule. The Discovery Schedule specifies the protocols to use during the scan, the IP Address range to be scanned, and the frequency of the scan.
Depending on what you want out of a discovery scan and what devices you are working with, you can choose from various Discovery types.
• External Integration Discovery: A different type of thorough discovery that is aimed at certain computer devices that are not Windows-, Mac OS X-, or Linux-based. For more information, see:
You can scan for devices across a single subnet or multiple subnets. You can also define a scan to search for devices listening on a particular port.
When adding Discovery Schedules, you should balance the scope of the scan (the number of IP addresses you are scanning) with the depth of the probe (the number of attributes you are scanning), so that you do not overwhelm the network or the appliance. For example, if you need to scan a large number of IP addresses frequently, keep the number of ports, TCP/IP connections, and so on, relatively small. As a rule, scan a particular subnet no more than once every few hours.
Add a Discovery Schedule to perform a quick "what and where" scan of your network
Use one of the available schedules to quickly obtain Discovery Results that show the availability of devices.
This type of Discovery scans for any device type in your network: managed computers or non-computer devices.
If you want to add an Nmap Discovery Schedule, there are several issues to consider. See Things to take into consideration with Nmap discovery.
a. Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
2. Select the Discovery Type to display the form with the options for the selected type.
   ◦ Ping. DNS Lookup and Ping discovery options appear.
   ◦ Socket. DNS Lookup and Socket discovery options appear.
   ◦ Authenticated [WinRM, SNMP, SSH, VMware, Hyper-V]. DNS Lookup, Relay, WinRM, Hyper-V, VMM, SNMP, SSH, and VMware discovery options appear.
   ◦ Nmap. DNS Lookup and Nmap discovery options appear.
   ◦ Custom. DNS Lookup, Ping, Nmap, WinRM, SNMP, SSH, and VMware discovery options appear.
3. In the Name field, enter a name for the scan.
4. In the IP Address Range field, enter an IP address range to scan. Use hyphens to specify individual IP address class ranges. For example, type 192.168.2-5.1-200 to scan for all IP addresses between 192.168.2-5.1 and 192.168.2-5.200, inclusive.
Option | Item | Description
DNS Lookup | | Enable Discovery to identify the name of the device. DNS Lookup is important if you want device names to appear in the Discovery Results and Inventory lists. You can select the DNS Lookup options for each Discovery type.
| Name Server for Lookup | The hostname or IP address of the name server.
| Timeout | The time, in seconds, after which a DNS lookup expires. If an address is not found during this time, the process “times out.”
Relay | | Enable a KACE Agent to act as a tunnel for WinRM, SSH and SNMP traffic to the agent connection protocol for WinRM, SSH and SNMP discovery schedules, agentless inventory, and agent provisioning.
| Relay Device | Specify the device that you want to use as a relay for agentless device inventory. A relay device that is used during discovery as a relay is used for agentless inventory, when a new device is provisioned automatically from discovery results. Selected relay devices are listed on the following pages:
Ping | | Perform a ping test during the network scan. During this test, the appliance sends a ping test to determine whether a system responds.
Socket | | Perform a connection test during the network scan. During this test, the appliance sends a packet to the port to determine whether the port is open.
| TCP Port List | Enable a port scan using TCP (Transmission Control Protocol). Use a comma to separate each port number.
| UDP Port List | Enable a port scan using UDP (User Datagram Protocol). Use a comma to separate each port number.
Active Directory | | Enable the appliance to check for device information on an Active Directory server. During Active Directory scans, the status is indicated as an approximate percentage instead of the number of devices scanned.
| Use Secure LDAP (LDAPS) | Enable the appliance to use a secure port for LDAP communication.
| Privileged User | The username of the administrator account on the Active Directory server. For example, username@example.com.
| Privileged User Password | The password of the administrator account on the Active Directory server.
| Search Context | The criteria used to search for devices. These criteria specify a location or container in the Active Directory structure to be searched. Enter the most specific combination of OUs, DCs, or CNs that match your criteria, ranging from left (most specific) to right (most general). For example: DC=company,DC=com
KACE Cloud Mobile Device Manager | | This option allows you to access mobile devices such as smart phones and tablets connected to the KACE Cloud Mobile Device Manager (MDM). You must obtain a tenant name and a Secret Key from the KACE Cloud MDM in order to access the devices associated with it.
| Tenant Name | The name of the tenant on the KACE Cloud MDM associated with the devices that you want to manage.
| Credentials | The details of the account that is used to connect to the KACE Cloud MDM device. Select an existing credential from the drop-down list, or select Add new credential to add a new credential, as required. For more information, see Add and edit Secret Key credentials.
| Auto Provision Devices | If selected, all mobile devices discovered in the next scan are added to inventory.
G Suite | | Working with G Suite devices requires credentials that grant the appliance access to a Google Apps Domain using the Admin SDK API. You must obtain a Client ID and a Client Secret from Google so that you can get an approval code for the appliance to use.
| Discover Chrome Devices | If selected, any Chrome devices will be discovered in the next scan.
| Discover Mobile Devices | If selected, any G Suite mobile devices will be discovered in the next scan.
| Credentials | The details of the account that is used to connect to the Chrome device. Select an existing credential from the drop-down list, or select Add new credential to add a new credential, as required. The selected credential must have an approval code that can be associated with the appropriate device type. For example, if you want to discover G Suite mobile devices, you cannot use a credential whose approval code is generated for Chrome devices. For more information, see Add and edit Google Workspace credentials.
| Auto Provision Devices | If selected, all Chrome and mobile devices discovered in the next scan are added to inventory.
Workspace ONE | | VMware® Workspace ONE® is an enterprise-level mobility management platform that allows you to manage a wide range of different device types.
| Host | The host name of the Workspace ONE administration console.
| REST API Key | The REST API key, available in the Workspace ONE administration console. The key must be provided to enable integration with Workspace ONE through API calls.
| Credentials | The details of the service account required to connect to the device and run commands. Select an existing credential from the drop-down list, or select Add new credential to add a new credential, as required. See Add and edit User/Password credentials.
| Auto Provision Devices | If selected, all Workspace ONE devices discovered in the next scan are added to inventory.
WinRM, Hyper-V, VMM | | WinRM is the connection type to use for Windows devices.
| Timeout | The time, in seconds, up to 1 minute, after which the connection is closed if there is no activity.
| Require Kerberos | If selected, Kerberos is required for authentication. NTLM will not be used as an alternative when Kerberos is unavailable. Using Kerberos requires DNS Lookup to be enabled in the same discovery configuration. The DNS Server is also required in the local appliance network settings.
| Scan for Hyper-V and Virtual Machine Manager | If selected, the appliance imports a Microsoft Hyper-V or System Center Virtual Machine Manager infrastructure using agentless management. For more information about this feature, see Add a Discovery Schedule for a Microsoft Hyper-V or System Center Virtual Machine Manager.
| Port | If this field is left blank, the default port 5985 is used.
| Credentials | The details of the service account required to connect to the device and run commands. Select an existing credential from the drop-down list, or select Add new credential to add a new credential, as required. See Add and edit User/Password credentials.
SNMP | | SNMP (Simple Network Management Protocol) is a protocol for monitoring managed devices on a network.
| SNMP Full Walk | Enable a Full Walk of data in the MIB (management information base) on devices. If this option is cleared, the appliance does a Bulk GET, which searches three core OIDs (object identifiers). When selecting this option, be aware that a Full Walk can take up to 20 minutes per device. The default, Bulk GET, takes approximately one second and acquires all of the information needed for Discovery.
| Timeout | The time, in seconds, after which the scan ends if no response is returned.
| Maximum Attempts | The number of times the connection is attempted.
| Credentials (SNMPv1/v2) | The details of the SNMP v1/v2 credentials required to connect to the device and run commands. Select an existing credential from the drop-down list, or select Add new credential to add a new credential, as required. See Add and edit SNMP credentials.
| Credentials (SNMPv3) | The details of the SNMP v3 credentials required to connect to the device and run commands. Select an existing credential from the drop-down list, or select Add new credential to add a new credential, as required. See Add and edit SNMP credentials.
SSH | | Use the SSH protocol with authentication.
| Timeout | The time, up to 5 minutes, after which the connection is closed if there is no activity.
| Try SSH2 Connection | Enable the SSH2 protocol for connecting to and communicating with devices. Use SSH2 if you want device communications to be more secure (recommended).
| Credentials | The details of the service account required to connect to the device and run commands. Select an existing credential from the drop-down list, or select Add new credential to add a new credential, as required. See Add and edit User/Password credentials.
VMware | |
| Timeout | The time after which the scan ends if no response is returned.
| Credentials | The details of the service account required to connect to the device and run commands. Select an existing credential from the drop-down list, or select Add new credential to add a new credential, as required. See Add and edit User/Password credentials.
Nmap | |
| Timeout | The time after which the scan ends if no response is returned.
| Fast Scan | Enable the appliance to quickly scan 100 commonly used ports. If this option is cleared, all available TCP ports are scanned, which can take much longer than the fast scan.
| Nmap Operating System Detection (Best Guess) | Enable the appliance to detect the operating system of the device based on fingerprinting and port information. This option might increase the time required for the scan.
| TCP Port Scan | Enable a port scan using TCP (Transmission Control Protocol) of 1000 commonly used TCP ports. If this option is cleared, and UDP is selected, the appliance performs a UDP scan. If both TCP and UDP are cleared, the appliance uses a TCP scan. If you select this option, Quest recommends that you set the Timeout value to 10 minutes to decrease the likelihood of erroneous results. Do not combine this scan with the Fast Scan option. Doing so results in only 100 commonly used ports being scanned.
| UDP Port Scan | Enable a port scan using UDP (User Datagram Protocol) of up to 1000 UDP ports. UDP scans are generally less reliable, and have lower processor overhead, than TCP scans because TCP requires a handshake when communicating with devices whereas UDP does not. However, UDP scans might take longer than TCP scans, because UDP sends multiple packets to detect ports, whereas TCP sends a single packet. If you select this option, Quest recommends that you set the Timeout value to 30 minutes to decrease the likelihood of erroneous results. Do not combine this scan with the Fast Scan option. Doing so results in only 100 commonly used ports being scanned. If this option is cleared, the appliance does not scan ports using UDP.
6. Optional: Enter an email address to be notified when the discovery scan completes. The email includes the name of the discovery schedule.
Option | Description
None | Run in combination with an event rather than on a specific date or at a specific time.
Every n hours | Run at a specified interval.
Every day/specific day at HH:MM | Run daily at a specified time, or run on a designated day of the week at a specified time.
Run on the nth of every month/specific month at HH:MM | Run on the same day every month, or a specific month, at the specified time.
Run on the nth weekday of every month/specific month at HH:MM | Run on the specific weekday of every month, or a specific month, at the specified time.
Custom | Run according to a custom schedule.
Use standard 5-field cron format (extended cron format is not supported):
Use the following when specifying values:
• Asterisks (*): Include the entire range of values in a field with an asterisk. For example, an asterisk in the hour field indicates every hour.
• Commas (,): Separate multiple values in a field with a comma. For example, 0,6 in the day of the week field indicates Sunday and Saturday.
• Hyphens (-): Indicate a range of values in a field with a hyphen. For example, 1-5 in the day of the week field is equivalent to 1,2,3,4,5, which indicates Monday through Friday.
• Slashes (/): Specify the intervals at which to repeat an action with a slash. For example, */3 in the hour field is equivalent to 0,3,6,9,12,15,18,21. The asterisk (*) specifies every hour, but /3 restricts this to hours divisible by 3.
Examples:
View Task Schedule | Click to view the task schedule. The Task Schedule dialog box displays a list of scheduled tasks. Click a task to review the task details. For more information, see View task schedules.
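The following added example (not part of the KACE documentation or product) combines the IP Address Range syntax, the 5-field cron rules, and the scope-versus-frequency guidance above into a pre-flight check written in Python. The function names, the 3-hour minimum gap, and the 1024-address ceiling are assumptions chosen for illustration.

```python
"""Pre-flight check for a Discovery Schedule: scan scope and scan frequency.

Added illustration, not KACE code. Names and thresholds are assumptions.
"""
import math
from itertools import product

# Bounds of the five cron fields: minute, hour, day of month, month, day of week.
# Day of week uses 0-6 with 0 = Sunday, matching the examples in the text.
CRON_BOUNDS = [(0, 59), (0, 23), (1, 31), (1, 12), (0, 6)]


def _num(text):
    """Parse a non-negative decimal integer, rejecting empty or signed input."""
    if not text.isdigit():
        raise ValueError(f"not a number: {text!r}")
    return int(text)


def expand_octet(part):
    """Expand one octet such as '200' or '2-5' into the values it covers."""
    low, sep, high = part.partition("-")
    lo = _num(low)
    hi = _num(high) if sep else lo
    if not lo <= hi <= 255:
        raise ValueError(f"bad octet range: {part!r}")
    return range(lo, hi + 1)


def parse_ip_range(spec):
    """Split a range such as '192.168.2-5.1-200' into four octet ranges."""
    parts = spec.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {spec!r}")
    return [expand_octet(p) for p in parts]


def count_addresses(spec):
    """Number of addresses covered, computed without materialising them."""
    return math.prod(len(o) for o in parse_ip_range(spec))


def iter_addresses(spec):
    """Yield every address in the range, last octet varying fastest."""
    for combo in product(*parse_ip_range(spec)):
        yield ".".join(map(str, combo))


def expand_cron_field(field, low, high):
    """Expand one cron field using *, commas, hyphens and slashes."""
    values = set()
    for item in field.split(","):
        base, sep, step = item.partition("/")
        step_n = _num(step) if sep else 1
        if base == "*":
            start, end = low, high
        else:
            first, dash, last = base.partition("-")
            start = _num(first)
            end = _num(last) if dash else start
        if step_n < 1 or not low <= start <= end <= high:
            raise ValueError(f"bad cron item {item!r} for range {low}-{high}")
        values.update(range(start, end + 1, step_n))
    return sorted(values)


def min_gap_minutes(cron):
    """Smallest gap between two runs, assuming the schedule fires on
    consecutive days (a lower bound when day or month fields restrict it)."""
    fields = cron.split()
    if len(fields) != 5:
        raise ValueError("expected 5 cron fields (extended cron is not supported)")
    expanded = [expand_cron_field(f, lo, hi)
                for f, (lo, hi) in zip(fields, CRON_BOUNDS)]
    minutes, hours = expanded[0], expanded[1]
    fires = sorted(h * 60 + m for h in hours for m in minutes)
    gaps = [b - a for a, b in zip(fires, fires[1:])]
    gaps.append(fires[0] + 24 * 60 - fires[-1])  # wrap past midnight
    return min(gaps)


def preflight(ip_range, cron, min_gap_hours=3, max_addresses=1024):
    """Summarise scope and frequency; both thresholds are assumed defaults."""
    count = count_addresses(ip_range)
    gap = min_gap_minutes(cron)
    warnings = []
    if gap < min_gap_hours * 60:
        warnings.append(f"runs {gap} min apart; below the {min_gap_hours} h minimum")
    if count > max_addresses:
        warnings.append(f"{count} addresses exceeds the {max_addresses} ceiling")
    return {"addresses": count, "min_gap_minutes": gap, "warnings": warnings}


if __name__ == "__main__":
    # Constructed inputs: the range from step 4 with two candidate schedules.
    print(preflight("192.168.2-5.1-200", "*/30 * * * *"))
    print(preflight("192.168.2-5.1-200", "0 */3 * * *"))
```
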
Things to take into consideration with Nmap discovery
For successful outcomes with Nmap discovery, there are some issues to consider and best practices to adopt to improve speed and accuracy and to avoid problems.
To improve the speed and accuracy of Nmap discovery:
• Avoid using DNS Lookup. DNS Lookup can slow down scan times by up to 500 percent if you specify an invalid or unreachable IP address for the DNS.
• Run one discovery type at a time. Although it is possible to run multiple discovery types simultaneously, doing so can extend the length of a run and can cause erratic OS detection results.
• Select Nmap Operating System Detection (Best Guess) if you are unsure what to run. This selection can give you a reasonable view into your subnet or subnets. At a minimum, using Best Guess can identify what OSs are on what devices. If you do not get the expected results, for example if some devices appear with unknown as the Operating System, try increasing the timeout value and rerunning the discovery.
Be aware that devices that are offline or otherwise inaccessible at the time of a scan are ignored because they appear to be nonexistent.
If you know that there are devices that should be reported, but are not, they are either:
Some devices, typically security devices, hide themselves from view, or misrepresent themselves to avoid detection.
If the Operating System appears as unknown in the Discovery Results list page:
For example, if you scan using only UDP ports 7 and 161, the device appears online with the Nmap checkmark displayed. However, the Operating System appears unknown, because UDP ports alone are not sufficient to determine what OS is running on the device.
Add a Discovery Schedule for a thorough scan of managed Windows, Mac, Linux, and UNIX computers
To scan your network for devices and capture information about devices, you use Discovery Schedules. After devices are discovered using the Active Directory or Authenticated discovery type, you can add those discovered devices to inventory.
a. Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
2. Select the Discovery Type to display the form with the options for the selected type.
   ◦ Authenticated [WinRM, SNMP, SSH, VMware, Hyper-V]. DNS Lookup, Relay, WinRM, Hyper-V, VMM, SNMP, SSH, and VMware discovery options appear.
3. In the Name field, enter a name for the scan.
4. In the IP Address Range field, do one of the following:
   ◦ If you select the Active Directory Discovery Type, enter the IP address of the Active Directory server to be scanned.
Option | Item | Description
DNS Lookup | | Enable Discovery to identify the name of the device. DNS Lookup is important if you want device names to appear in the Discovery Results and Inventory lists. You can select the DNS Lookup options for each Discovery type.
 | Name Server for Lookup | The hostname or IP address of the name server.
 | Timeout | The time, in seconds, after which a DNS lookup expires. If an address is not found during this time, the process “times out.”
Relay | | Enable a KACE Agent to act as a tunnel for WinRM, SSH, and SNMP traffic to the agent connection protocol for WinRM, SSH, and SNMP discovery schedules, agentless inventory, and agent provisioning.
 | Relay Device | Specify the device that you want to use as a relay for agentless device inventory. A relay device used during discovery is also used for agentless inventory when a new device is provisioned automatically from discovery results. Selected relay devices are listed on the following pages:
Active Directory | | Enable the appliance to check for device information on an Active Directory server. During Active Directory scans, the status is indicated as an approximate percentage instead of the number of devices scanned.
 | Use Secure LDAP (LDAPS) | Enable the appliance to use a secure port for LDAP communication.
 | Privileged User | The username of the administrator account on the Active Directory server. For example, username@example.com.
 | Privileged User Password | The password of the administrator account on the Active Directory server.
 | Search Context | The criteria used to search for devices. These criteria specify a location or container in the Active Directory structure to be searched. Enter the most specific combination of OUs, DCs, or CNs that match your criteria, ranging from left (most specific) to right (most general). For example: DC=company,DC=com.
WinRM, Hyper-V, VMM | | WinRM is the connection type to use for Windows devices.
 | Timeout | The time, in seconds, up to 1 minute, after which the connection is closed if there is no activity.
 | Require Kerberos | If selected, Kerberos is required for authentication. NTLM will not be used as an alternative when Kerberos is unavailable. Using Kerberos requires DNS Lookup to be enabled in the same discovery configuration. The DNS Server is also required in the local appliance network settings.
 | Scan for Hyper-V and Virtual Machine Manager | This field is only used if you want to monitor a Microsoft Hyper-V or System Center Virtual Machine Manager infrastructure. Ensure this option is cleared. For more information about this feature, see Add a Discovery Schedule for a Microsoft Hyper-V or System Center Virtual Machine Manager.
 | Port | If this field is left blank, the default port 5985 is used.
 | Credentials | The details of the service account required to connect to the device and run commands. Select existing credentials from the drop-down list, or select Add new credential to add credentials not already listed. See Add and edit User/Password credentials.
SSH | | Use the SSH protocol with authentication.
 | Timeout | The time, up to 5 minutes, after which the connection is closed if there is no activity.
 | Try SSH2 Connection | Enable the SSH2 protocol for connecting to and communicating with devices. Use SSH2 if you want device communications to be more secure (recommended).
 | Credentials | The details of the service account required to connect to the device and run commands. Select existing credentials from the drop-down list, or select Add new credential to add credentials not already listed. See Add and edit User/Password credentials.
6. Optional: Enter an email address to be notified when the discovery scan completes. The email includes the name of the discovery schedule.
Option | Description
None | Run in combination with an event rather than on a specific date or at a specific time.
Every n hours | Run at a specified interval.
Every day/specific day at HH:MM | Run daily at a specified time, or run on a designated day of the week at a specified time.
Run on the nth of every month/specific month at HH:MM | Run on the same day every month, or a specific month, at the specified time.
Run on the nth weekday of every month/specific month at HH:MM | Run on the specific weekday of every month, or a specific month, at the specified time.
Custom | Run according to a custom schedule.
Use standard 5-field cron format (extended cron format is not supported):
Use the following when specifying values:
• Asterisks (*): Include the entire range of values in a field with an asterisk. For example, an asterisk in the hour field indicates every hour.
• Commas (,): Separate multiple values in a field with a comma. For example, 0,6 in the day of the week field indicates Sunday and Saturday.
• Hyphens (-): Indicate a range of values in a field with a hyphen. For example, 1-5 in the day of the week field is equivalent to 1,2,3,4,5, which indicates Monday through Friday.
• Slashes (/): Specify the intervals at which to repeat an action with a slash. For example, */3 in the hour field is equivalent to 0,3,6,9,12,15,18,21. The asterisk (*) specifies every hour, but /3 restricts this to hours divisible by 3.
Examples:
View Task Schedule | Click to view the task schedule. The Task Schedule dialog box displays a list of scheduled tasks. Click a task to review the task details. For more information, see View task schedules.
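The cron operators described above, as an added example (not part of the product documentation or the appliance's own code): a small expander for 5-field cron expressions that also estimates the shortest gap between runs, so a Custom schedule can be checked against the guidance to scan a subnet no more than once every few hours. The function names and the 3-hour `min_hours` threshold are assumptions, and the sample expressions are constructed.

```python
# Added example: expands the four cron operators and estimates run spacing.
FIELDS = [("minute", 0, 59), ("hour", 0, 23), ("day_of_month", 1, 31),
          ("month", 1, 12), ("day_of_week", 0, 6)]  # day_of_week: 0 = Sunday

def expand_field(spec, low, high):
    """Expand one field (*, commas, hyphens, slashes) into sorted values."""
    values = set()
    for part in spec.split(","):
        rng, _, step = part.partition("/")
        step = int(step) if step else 1
        if step < 1:
            raise ValueError(f"bad step in {part!r}")
        if rng == "*":
            start, end = low, high
        elif "-" in rng:
            start, end = (int(x) for x in rng.split("-", 1))
        else:
            start = end = int(rng)
        if not low <= start <= end <= high:
            raise ValueError(f"{part!r} outside {low}-{high}")
        values.update(range(start, end + 1, step))
    return sorted(values)

def parse_cron(expr):
    """Parse a 5-field expression; extended formats (6+ fields) are rejected."""
    parts = expr.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected 5 fields, got {len(parts)}")
    return {name: expand_field(p, lo, hi)
            for p, (name, lo, hi) in zip(parts, FIELDS)}

def min_gap_minutes(expr):
    """Shortest gap between two runs, assuming every day is a run day
    (conservative: day and month fields are validated but not used here)."""
    f = parse_cron(expr)
    times = sorted(h * 60 + m for h in f["hour"] for m in f["minute"])
    gaps = [b - a for a, b in zip(times, times[1:])]
    gaps.append(times[0] + 1440 - times[-1])  # wrap past midnight
    return min(gaps)

def too_frequent(expr, min_hours=3):
    """min_hours is an assumed threshold, not a product setting."""
    return min_gap_minutes(expr) < min_hours * 60

if __name__ == "__main__":
    # Constructed sample schedules.
    for expr in ("0 */3 * * *", "*/30 * * * *", "0 2 * * 1-5"):
        print(expr, min_gap_minutes(expr), too_frequent(expr))
```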