Discovery Settings

Use the Discovery Settings to configure the scan settings for remote inventory, SNMP and passive discovery.

Discovery Settings has the following tabs:

The option to Download Discovery Agent is available if a new enrollment key is required to install further agents on devices.

Scan Settings

Remote Inventory

Inventory data is automatically received for all devices that have an agent installed, known as managed devices. However, where you don't want an agent on a device but still want deep hardware and software information, the agentless remote inventory capability provides it.

A remote inventory scan detects all device software and hardware data such as space used, space remaining, memory, CPU, processes running and software installed. You must provide domain access credentials. The scan is run every 24 hours on all discovered Windows devices that do not have an Ivanti Neurons Agent installed.

The results can be seen in Neurons Platform > Devices or Discovery > Discovered Devices.

You may need to exclude AgentlessMonitor.exe and Ldiscan.exe from your anti-virus software, as these files are downloaded and executed on the target devices that are going to be inventory scanned.

Credentials

SNMP Discovery

SNMP is a discovery technology that works by using an agentless discovery device which has the SNMP configuration applied. The configuration comprises the credentials, port, retries and time to wait for response. The agent sends out SNMP GET queries to devices based on previously discovered device IP address information.

For further information on Object Identifiers (OIDs) see http://oid-info.com/

Credentials

Port: Enter the UDP port number, the default is 161.

Retries: Enter the number of retry attempts. The default is 3, the maximum is 5.

Wait for response (seconds): Enter the number of seconds to wait before retrying. The default is 2.
If the SNMP discovery fails, it automatically retries every 24 hours.

Passive Discovery

Passive Discovery detects all devices on your corporate network. It listens for any devices that come online. Once an ARP (Address Resolution Protocol) request is detected, it captures the device details on the subnet. Name resolution for discovered devices is carried out using NetBIOS and reverse DNS queries. The Operating System for the device can be discovered using OS Fingerprinting technology, if enabled for the network.

The results are reported back to the Discovered Devices view.
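The ARP-based detection described above can be illustrated with a small parser, added here as an example and not taken from the product: it extracts the sender's MAC and IP address from an ARP request and handles 802.1Q-tagged frames, address probes (sender IP 0.0.0.0) and gratuitous announcements. The function names and the sample frames are constructed for illustration, and nothing here reflects how the Ivanti agent is implemented.

```python
import ipaddress
import struct

ETH_ARP, ETH_VLAN = 0x0806, 0x8100
ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_arp_request(frame: bytes):
    """Return a sighting dict for an ARP request, or None for anything else."""
    if len(frame) < 14:
        return None
    ethertype, offset = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == ETH_VLAN:                      # skip one 802.1Q tag
        if len(frame) < 18:
            return None
        ethertype, offset = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype != ETH_ARP or len(frame) < offset + struct.calcsize(ARP_FMT):
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack_from(
        ARP_FMT, frame, offset)
    if (htype, ptype, hlen, plen, oper) != (1, 0x0800, 6, 4, 1):
        return None                                # not an Ethernet/IPv4 request
    sender_ip, target_ip = ipaddress.IPv4Address(spa), ipaddress.IPv4Address(tpa)
    # Address probe: sender IP is 0.0.0.0 and the address being claimed is in tpa.
    probe = sender_ip == ipaddress.IPv4Address("0.0.0.0")
    return {
        "mac": mac_str(sha),
        "ip": None if probe else str(sender_ip),
        "tentative_ip": str(target_ip) if probe else None,
        "gratuitous": not probe and sender_ip == target_ip,
    }


def build_sample(spa: str, tpa: str, vlan: bool = False) -> bytes:
    """Constructed sample frame (not captured traffic)."""
    sha = bytes.fromhex("020000aabb01")            # locally administered MAC
    eth = b"\xff" * 6 + sha + (b"\x81\x00\x00\x0a" if vlan else b"") + b"\x08\x06"
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 1, sha,
                      ipaddress.IPv4Address(spa).packed, b"\x00" * 6,
                      ipaddress.IPv4Address(tpa).packed)
    return eth + arp


if __name__ == "__main__":
    for args in [("192.0.2.10", "192.0.2.1"), ("0.0.0.0", "192.0.2.10"),
                 ("192.0.2.10", "192.0.2.10", True)]:
        print(parse_arp_request(build_sample(*args)))
```

A probe yields a MAC with no confirmed IP, so an inventory built this way should treat the tentative address as unverified until a later request carries a real sender IP.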

Detect devices as they connect to the network: Select to enable passive discovery to listen for network traffic on the subnet to detect any connecting devices.
A device must be nominated to enable the Self-election process which runs in the background.

  • Device Name: Enter the name of a device on your corporate network. The self-elected device will contact this device to verify it is on your corporate network, so choose a device that will always be online and is only available in your corporate network, e.g. a domain controller.

  • Device IP: Enter the IP address of the device. The device is validated by confirming a ping on the device name that matches the IP address.

OS Detection: Enabled by default. Allows discovery to attempt to detect the OS and type of device being discovered. If disabled, it will prohibit OS and device type details from being detected for discovered devices.

Important: OS Detection may generate false positives and trigger Intrusion Detection Systems (IDS) due to how the technology scans remote devices by sending TCP/UDP and ICMP probes to attempt to determine the operating system.

Deployment Representatives only: Select to only run passive discovery and OS detection from deployment representatives. Default setting is Off.
An increased volume of network traffic caused by OS detection can trigger internal security issues. This setting limits the traffic to only those devices that are dedicated deployment representatives. Security software can then be configured to allow these devices to perform scanning.

Global Discovery

Use the settings to do a global scan of devices outside of the specified IP range set up in the Discovery Scans page.

Scanner: Select the scanner from the drop-down list. This is the deployment representative that you want to perform the SNMP and/or Remote Inventory scans. The default is Elected Scanner, which is the first deployment representative that polled in. The name of the currently elected scanner is displayed below. If there is no scanner elected, or it is offline, the text displays 'waiting for a scanner to be elected'.

SNMP: Select to scan all network devices using the Simple Network Management Protocol.

Remote Inventory: Select to scan all Microsoft Windows devices every 24 hours to obtain detailed device information, reported in Neurons Platform > Devices. Devices that have an agent installed will not be included in the scan.

Related topics

Discovery Scans

Discovered Devices

Devices