Discovery

Ivanti Neurons for Discovery can accurately and quickly determine which devices are on your corporate network. Using the discovery features all devices that come online are detected, data captured, normalized and sent to the Ivanti Neurons Platform. The technology used ensures that discovery is always on and always listening, so that no devices go undetected and that there is no delay in receiving the data. It also ensures there are no scalability issues, no duplication and no failover concerns because it uses smart technology to self-organize and elect which device will listen and send the data back. If the elected device goes offline, the self-organizing process identifies a replacement self-elected device, so discovery is uninterrupted.

Benefits

  • Rapid discovery of devices connected to your corporate network.
  • Flexible policy control.
  • Infinite scalability.
  • Analyze and normalize to produce a single accurate record of each asset.

Getting started with Ivanti Neurons for Discovery

Follow these easy steps to get started with Discovery.

Workflow:

  1. Enable and configure the discovery settings to start discovery (Global network device settings)
  2. Target a device on your network, download and install the Ivanti Neurons for Discovery agent (Discovery download page)
  3. Data is gathered, normalized and reconciled providing a single unified view of device details (Discovered Devices)
  4. Create, assign and deploy agent policy to devices (Policy Groups)

Discovery install methods

There are two install options for Neurons for Discovery:

Before installing the agent check you have everything you need, for further information see the prerequisites in Agent management.

Discovery components:

Ivanti Neurons agent: An executable file (IvantiCloudAgent.exe) to install the Ivanti Neurons agent. Installation can be done manually, or automatically; deployed by Neurons for Discovery or via a 3rd party deployment tool.

Options file: A settings file (IvantiCloudAgent.exe.Options) used to configure the agent. This file differs depending on whether you are doing Discovery install or Default install and determines which capabilities the agent will have.

Both the agent and the options file must be saved to the same folder. If more than one executable or options file is downloaded they are saved with a numerical suffix e.g. (1), (2).

Deployment Representative: A device that has the Discovery Agent installed.

Deployment Representative Policy: The default policy configuration applied to the agent.

Discovery agent

Use case: You want to discover all devices on your corporate network and automatically deploy agents to devices using Ivanti Neurons.

When the discovery agent is installed on a device, that device becomes a Deployment Representative. The Deployment Representative is the only device that can be used for the capabilities that require credentials.

The Ivanti discovery agent has the following capabilities:

  • Active Discovery
  • Passive Discovery
  • Remote Inventory
  • SNMP Discovery
  • Deployment

Optional capabilities:

  • Automation
  • Edge Intelligence
  • Inventory
  • Remote Control
  1. Navigate to Admin > Discovery.
  2. On the Welcome page, select DOWNLOAD DISCOVERY AGENT to open the download operating system page.
  3. There is currently only a Windows Agent available, so in the Windows operating system section select DOWNLOAD DISCOVERY AGENT.
  4. A pop-up message asking about your deployment method appears. Select either:
    • Yes: If you are using a 3rd party deployment tool to deploy the agent to your devices. Once you have selected Yes, you must then enter the total number of devices the agent will be deployed to, these will become your Deployment Representatives. A date is also required to limit the time a Deployment Representative has to enroll with your Ivanti Neurons tenant. This must be within the next 30 days, you can select the date from the calendar which is capped at 30 days from today's date.
    • No: If you are using Neurons for Discovery to deploy the agent to your devices.
  5. Select DOWNLOAD DISCOVERY AGENT.
  6. Once the files have downloaded, run the executable file and follow the on-screen instructions. An agent must be installed on a device in each of your subnets throughout your internal network. The device with the agent installed becomes the Deployment Representative.

Default agent

Use Case: You already have a list of devices or imported them from a connector, and want to install the agent manually using a 3rd party deployment system such as Microsoft SCCM.

The Ivanti default agent has the following capabilities:

  1. Navigate to Admin > Discovery.
  2. On the Welcome page, select DOWNLOAD DEFAULT AGENT to open the download operating system page.
  3. Go to the appropriate section for your operating system and select DOWNLOAD.
  4. You have the option to change from the default setting of Interactive to Silent install. Interactive provides you with an install wizard which steps you through the installation. Silent will install automatically requiring no manual interaction, select Copy to copy the code you need to run.
  5. Once the files have downloaded, make sure they are on the device that you want to install the agent on and that the .exe and the options files are in the same folder. Run the executable file and follow the on-screen instructions. The options file determines which functionality you can configure, see the capabilities section above. The device with the agent installed becomes the Deployment Representative.

Deployment representative

A deployment representative is a device in your network that has the discovery agent installed on it. The discovery agent should be installed on one device per subnet within your environment. The deployment representative is the only device that can be used for the capabilities that require credentials; deployment, remote inventory and SNMP discovery.

The deployment representatives view lists all of the devices with an agent installed, the subnet that it belongs to, the device name and the date the agent was installed. Click on any deployment representative to view the deployment representative details.

From here you have access to:

  • Manage Policy Groups: Create and edit policy groups and devices that they are assigned to. Policies are used to assign capabilities to agents.
  • Global network device settings: Select the discovery scan types and the configuration settings for active discovery, passive discovery, remote inventory and SNMP discovery. See Global network device settings for more information.

Global network device settings

Use the global network device settings to select which discovery scan types to use and configure from; active discovery, passive discovery, remote inventory and SNMP discovery. For more details on the scan types see the Discovery Scan Types section.

Active Discovery on install: Select to enable a one-time active scan when the discovery engine is installed. On by default. The detected devices appear in Devices view.

Passive Discovery: Select to enable passive discovery. Off by default. Passive discovery listens for network traffic on the subnet to detect the connected devices. A device must be nominated to enable the Self-election process which runs in the background.

  • Device Name: Enter the name of a device on your corporate network. The self-elected device will contact this device to verify it is on your corporate network, so choose a device that will always be online and is only available in your corporate network, e.g. a domain controller.

  • Device IP: Enter the IP address of the device. The device is validated by confirming a ping on the device name that matches the IP address.

OS Detection: Enabled by default. Allows discovery to attempt to detect the OS and type of device being discovered. If disabled, it will prohibit OS and device type details from being detected for discovered devices.

Important: OS Detection may generate false positives and trigger Intrusion Detection Systems (IDS) due to how the technology scans remote devices by sending TCP/UDP and ICMP probes to attempt to determine the operating system.

Remote Inventory: Select to enable Inventory. Off by default. An inventory scan is a deep hardware and software scan discovering details on disk, such as; space used, space remaining, memory, CPU, processes running and software installed. Once enabled, an inventory scan will commence 24 hours after the last inventory scan on the device.

  • Credentials: From the drop down list select the credentials to be used by the agentless engine to access the remote devices to be scanned, click Add to add the credentials to the field below. Select and add more credentials to continue to build up the list, as required. If the first set of credentials fail, the next will be attempted, and so on, in order of the list.
    If you need to create new credentials navigate to Admin > Credentials > Add credentials for Device. Alternatively, select Go to Credential Store to manage credentials.

    If you select the Credential Store link the data on this Settings panel will be lost, you must select Save before navigating away. Once you have added the credentials you need to navigate back to this Settings panel where the newly created credentials will be available in the drop-down list for selection.

SNMP Discovery: Select to enable SNMP discovery, credentials are required for enablement. Off by default.

  • Credentials: From the drop down list select the credentials to be used for SNMP communication, click Add to add the credentials to the field below. Select and add more credentials to continue to build up the list, as required. If the first set of credentials fail, the next will be attempted, and so on, in order of the list. You can use the order of the list to setup which credential version is attempted first; v3, v2 then v1.
    If you need to create new credentials go to the Admin > Credentials > Add credentials for SNMP. Alternatively, select Go to Credential Store to manage credentials.

    If you select the Credential Store link the data on this Settings panel will be lost, you must select Save before navigating away. Once you have added the credentials you need to navigate back to this Settings panel where the newly created credentials will be available in the drop-down list for selection.

    When setting up SNMP credentials you must select the version to be used from:

    • Version 3 - allows communication for authentication (MD5 or SHA) and privacy (DES or AES128). Depending on the security level selected for authentication and privacy you will need to enter all or some of the following data; a name for the set of credentials, an optional description, the username, authentication type and password, and privacy type and password.
    • Version 1 or 2c - uses community strings for authentication to obtain information form SNMP enabled devices. You will need the following data; a name for the set of credentials. an optional description, and a community string.

  • Port: The UDP port number, the default is 161.

  • Retries: The number of retry attempts. The default is 3, 5 is the maximum.

  • Wait for response (seconds): The number of seconds to wait before retrying. The default is 2.
    If the SNMP discovery fails it will automatically retry again every 24 hours.

Discovery Scan Types

Active Discovery

Active Discovery detects all online devices connected to the subnet that has a discovery representative on it. As soon as the discovery agent is installed devices are detected using ARP (Address Resolution Protocol).

Passive Discovery

Passive Discovery detects all devices on your corporate network. It listens for any devices that come online, once an ARP (Address Resolution Protocol) request is detected, it captures the device details on the subnet. Name resolution for discovered devices is carried out using NetBIOS and reverse DNS queries. The Operating System for the device is also discovered using OS Fingerprinting technology.

The results are reported back to the Discovered Devices view and include:

Device Name: Name of the device.

IP or MAC Address: IP or MAC address of the device.

OS: Operating System version, e.g. Microsoft Windows.

If there is percentage after the OS it provides a level of confidence as to which OS is running but is not an absolute certainty based on the device information received. No percentage indicates a 100% certainty of OS.

OS Group: Operating System group, e.g. Windows, macOS.

Agent: Agent if one has been installed on the device.

Policy Group: Policy group if one has been applied to the device.

Subnet: Subnet IP that the device belongs to.

The self-election process is enabled when passive discovery is enabled. The use of client self-electing services ensures that discovery is always on and always listening. A VPN check is initially carried out by detecting connected client VPN adapters, using case sensitive keywords. If a device is found to be connected to a VPN then the device does not take part in the self-election process, only devices on the corporate network are to be discovered. If devices can communicate with the corporate network they self-organize and use a smart election process to elect which device listens and sends data back to the Ivanti Neurons, if the devices can communicate with the elected device, they all trust each other. If the elected device goes offline, the self-organizing process identifies and elects a replacement device, so discovery is uninterrupted. The smart election process ranks available devices by configuration and ability to provide service, for example, more CPU cores or more free disk space.

flow diagram showing the CSEP decision process

Remote Inventory

Remote Inventory data is automatically received for all devices that have an agent installed, known as managed devices, However, in cases where you don't want an agent on a device but still want the deep hardware and software information the remote inventory capability provides that.

A remote inventory scan detects all device software and hardware data such as space used, space remaining, memory, CPU, and processes running. You enable the scan in Global Network Device Settings and must provide domain access credentials. The scan is run every 24 hours on all Windows discovered devices that do not have an Ivanti Neurons Agent installed.

The results are reported back to the Detailed View tab in Devices > Device Details

You may need to exclude AgentlessMonitor.exe and Ldiscan.exe from your anti-virus software, as these files are downloaded and executed on the target devices that are going to be inventory scanned.

SNMP Discovery

SNMP is a discovery technology that works by using an agentless discovery device which has the SNMP configuration applied, the configuration comprises of the credentials, port, retries and time to wait for response. The agent sends out SNMP GET queries to devices based on previously discovered device IP address information, and queries the following information:

  • System Description (1.3.6.1.2.1.1.1.0)

  • System SmiEnterprise (1.3.6.1.2.1.1.2.0)

  • System Name (1.3.6.1.2.1.1.5.0)

  • System Services (1.3.6.1.2.1.1.7.0)

  • Subnet Mask (1.3.6.1.2.1.4.20.1.3.+IP)

  • System MAC Address Instance (1.3.6.1.2.1.4.20.1.2.+IP)

  • System MAC Address (1.3.6.1.2.1.2.2.1.6.+MAC Address instance value)

  • Entity Physical Description (1.3.6.1.2.1.47.1.1.1.1.2)

For further information on Object Identifiers (OIDs) see http://oid-info.com/.

Related topics

Agent Policy

Credentials

Agent management

Credentials