Passive Discovery Settings
The Passive Discovery capability needs to be enabled in the Agent Policy Capabilities.
Passive Discovery detects all devices on your corporate network. It listens for devices that come online: once an ARP (Address Resolution Protocol) request is detected, it captures the device details on the subnet. Name resolution for discovered devices is carried out using NetBIOS and reverse DNS queries. The operating system of the device can be discovered using OS Fingerprinting technology, if enabled for the network.
The results are reported back to the Neurons Platform > Devices.
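To illustrate what an ARP request exposes to a passive listener, the following added example (not Ivanti's code, and not a description of how the agent is implemented) parses raw Ethernet frames and builds a MAC-to-IP inventory. The function names, MAC addresses and 10.0.5.x addresses are constructed for the illustration.

```python
import ipaddress
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, SHA, SPA, THA, TPA

def parse_arp_request(frame: bytes):
    """Return sender details from an Ethernet/IPv4 ARP request, else None."""
    offset = 12                                   # EtherType position
    if frame[12:14] == b"\x81\x00":               # skip one 802.1Q VLAN tag
        offset = 16
    if len(frame) < offset + 30 or frame[offset:offset + 2] != b"\x08\x06":
        return None                               # truncated or not ARP
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack_from(
        ARP_FMT, frame, offset + 2)
    if (htype, ptype, hlen, plen, oper) != (1, 0x0800, 6, 4, 1):
        return None                               # not an IPv4-over-Ethernet request
    return {"mac": sha.hex(":"), "ip": str(ipaddress.IPv4Address(spa)),
            "target_ip": str(ipaddress.IPv4Address(tpa))}

def discover(frames):
    """Build a MAC -> IP inventory from raw frames."""
    seen = {}
    for frame in frames:
        info = parse_arp_request(frame)
        # ARP probes (RFC 5227) carry sender IP 0.0.0.0: no address claimed yet.
        if info and info["ip"] != "0.0.0.0":
            seen[info["mac"]] = info["ip"]
    return seen

def build_arp(mac, ip, target_ip, oper=1, vlan=None):
    """Construct a sample frame (test data, not captured traffic)."""
    sha = bytes.fromhex(mac.replace(":", ""))
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sha,
                      ipaddress.IPv4Address(ip).packed, b"\x00" * 6,
                      ipaddress.IPv4Address(target_ip).packed)
    return b"\xff" * 6 + sha + tag + b"\x08\x06" + arp

SAMPLE_FRAMES = [  # constructed examples
    build_arp("02:00:00:aa:bb:01", "10.0.5.21", "10.0.5.1"),
    build_arp("02:00:00:aa:bb:02", "10.0.5.22", "10.0.5.1", vlan=20),
    build_arp("02:00:00:aa:bb:03", "0.0.0.0", "10.0.5.23"),           # ARP probe
    build_arp("02:00:00:aa:bb:04", "10.0.5.24", "10.0.5.1", oper=2),  # ARP reply
]

if __name__ == "__main__":
    print(discover(SAMPLE_FRAMES))
```

Only the sender MAC and IP come from the ARP request itself; the device name and operating system require the separate NetBIOS, reverse DNS and OS detection steps described on this page.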
The option to Download Agent is available if you want to install further agents on devices. The Infrastructure Agents Policy downloaded with the Agent has the Discovery capabilities enabled by default.
The client self-election process (CSEP) is enabled when Detect devices as they connect to the network is enabled. The use of client self-electing services ensures that discovery is always on and always listening. A VPN check is initially carried out by detecting connected client VPN adapters, using case-sensitive keywords. If a device is found to be connected to a VPN, it does not take part in the self-election process; only devices on the corporate network are to be discovered. If devices can communicate with the corporate network, they self-organize and use a smart election process to elect which device listens and sends data back to Ivanti Neurons. If the devices can communicate with the elected device, they all trust each other. If the elected device goes offline, the self-organizing process identifies and elects a replacement device, so discovery is uninterrupted. The smart election process ranks available devices by configuration and ability to provide service, for example, more CPU cores or more free disk space.
The Ivanti Neurons Agent must successfully check-in before these settings, or any changes you have made, will take effect.
- Detect devices as they connect to the network: Select to enable passive discovery to listen for network traffic on the subnet to detect any connecting devices.
A device must be nominated to enable the Client Self-Election Process, which runs in the background.
- Device Name: Enter the name of a device on your corporate network. The self-elected device will contact this device to verify it is on your corporate network, so choose a device that will always be online and is only available in your corporate network, e.g. a domain controller.
- Device IP: Enter the IP address of the device.
The device is validated by confirming a ping on the device name that matches the IP address.
- OS Detection: Enabled by default. Allows discovery to attempt to detect the OS and type of device being discovered. If disabled, it will prohibit OS and device type details from being detected for discovered devices.
OS Detection scans are done in batches of 5 simultaneously.
Important: OS Detection may generate false positives and trigger Intrusion Detection Systems (IDS) due to how the technology scans remote devices by sending TCP/UDP and ICMP probes to attempt to determine the operating system.
- Reverse DNS Lookup: Select to perform a DNS lookup against the IP address if a NetBIOS lookup fails.
Ivanti Neurons Discovery uses Npcap for ARP detection and Nmap for OS detection; both require Admin permissions.
When installing or uninstalling the Npcap driver in the network stack, there will be a brief interruption to network connectivity. To learn more, see the Ivanti Community Article.