Passive Discovery Settings

The Passive Discovery capability needs to be enabled in the Agent Policy Capabilities.

Passive Discovery detects all devices on your corporate network. It listens for devices coming online: once an ARP (Address Resolution Protocol) request is detected, it captures the details of the device on the subnet. Name resolution for discovered devices is carried out using NetBIOS and reverse DNS queries. The operating system of a device can be discovered using OS Fingerprinting technology, if enabled for the network.

The results are reported back to the Neurons Platform > Devices.
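How an ARP request yields the device details described above, as an added example that is not Ivanti's code and not part of the original page: it parses raw Ethernet frames for the sender's MAC and IP address and keeps only senders on the monitored subnet. The function names and the sample frames (documentation addresses in 192.0.2.0/24) are constructed for illustration.

```python
import ipaddress
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST = 1

# Constructed sample frames (not captured traffic): broadcast Ethernet header + ARP body.
_ETH = "ffffffffffff" "02005e100001" "0806"
_ARP = "0001" "0800" "06" "04"
SAMPLE_REQUEST = bytes.fromhex(_ETH + _ARP + "0001" "02005e100001" "c0000217" "000000000000" "c0000201")
SAMPLE_REPLY = bytes.fromhex(_ETH + _ARP + "0002" "02005e100001" "c0000217" "02005e100002" "c0000201")
SAMPLE_PROBE = bytes.fromhex(_ETH + _ARP + "0001" "02005e100003" "00000000" "000000000000" "c0000263")


def parse_arp_request(frame: bytes):
    """Return sender MAC/IP and target IP for an Ethernet/IPv4 ARP request, else None."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP body
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    # Accept only Ethernet (1) / IPv4 (0x0800) requests with standard address lengths.
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper != ARP_REQUEST:
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {
        "mac": sha.hex(":"),
        "ip": str(ipaddress.IPv4Address(spa)),
        "target_ip": str(ipaddress.IPv4Address(tpa)),
    }


def record_devices(frames, subnet):
    """Build an inventory {mac: ip} from the ARP requests seen on one subnet."""
    net = ipaddress.ip_network(subnet)
    inventory = {}
    for frame in frames:
        dev = parse_arp_request(frame)
        # ARP probes carry sender IP 0.0.0.0 and fall outside the subnet, so they are skipped.
        if dev and ipaddress.ip_address(dev["ip"]) in net:
            inventory[dev["mac"]] = dev["ip"]
    return inventory


if __name__ == "__main__":
    print(record_devices([SAMPLE_REQUEST, SAMPLE_REPLY, SAMPLE_PROBE], "192.0.2.0/24"))
```

The MAC address and IP address are all an ARP request provides, which is why the device name and operating system come from the separate NetBIOS, reverse DNS and OS Detection steps.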

The option to Download Agent is available if you want to install further agents on devices. The Infrastructure Agents Policy downloaded with the Agent has the Discovery capabilities enabled by default.

The Ivanti Neurons Agent must successfully check in before these settings, or any changes you have made, take effect.

  • Detect devices as they connect to the network: Select to enable passive discovery to listen for network traffic on the subnet to detect any connecting devices.
    A device must be nominated to enable the Client Self-Election Process, which runs in the background.
    • Device Name: Enter the name of a device on your corporate network. The self-elected device will contact this device to verify it is on your corporate network, so choose a device that will always be online and is only available in your corporate network, e.g. a domain controller.
    • Device IP: Enter the IP address of the device.

The device is validated by pinging the device name and confirming that it matches the IP address.

  • OS Detection: Enabled by default. Allows discovery to attempt to detect the OS and type of the device being discovered. If disabled, OS and device type details are not detected for discovered devices.
    OS Detection scans are done in batches of 5 simultaneously.

    Important: OS Detection may generate false positives and trigger Intrusion Detection Systems (IDS), because it scans remote devices by sending TCP/UDP and ICMP probes to attempt to determine the operating system.

  • Reverse DNS Lookup: Select to perform a DNS lookup against the IP address if a NetBIOS lookup fails.

Ivanti Neurons Discovery uses Npcap for ARP detection and Nmap for OS detection; both require Admin permissions.

When the Npcap driver is installed in or uninstalled from the network stack, there is a brief interruption to network connectivity. To learn more, see the Ivanti Community Article.
