IBM Proventia Network Enterprise User Manual - page 99
Defining Assets to Discover (Discovery Policy)
99
IBM Proventia Network Enterprise Scanner User Guide, Version 1.3
Defining Assets to Discover (Discovery Policy)
Introduction
A Discovery policy defines parameters used to perform discovery on a portion of a
network. In a discovery task, a range of IP addresses is scanned to locate active network
interfaces, and the type of device associated with each active network interface is
determined through OS identification.
OS discovery
requirements
Before it can perform OS fingerprinting on an asset, your agent must find one open and
one closed port. To find an open and a closed port, the agent scans ports 1–1023 and any
other ports specified in the applicable Network Services policy.
Scope
The Discovery policy applies to background discovery scans. An ad hoc scan reads this
policy and uses its settings to initialize the ad hoc discovery scan. You can change the
settings in the ad hoc scan without changing the background policy.
Procedure
To define discovery ranges:
1. In the SiteProtector Console, set up a tab to display asset policies. (See page 74.)
2. On the navigation pane, select a group, and then open the Discovery policy for that
group.
3. Type the IP addresses (in dotted-decimal or CIDR notation) of the assets to discover in
the IP range(s) to scan box as follows:
■
Type an IP address, and then press
ENTER
(or type a comma).
■
Type a range of IP addresses, and then press
ENTER
(or type a comma).
Example:
172.1.1.100-172.1.1.200
Note:
A red box appears around the IP range(s) to scan box until the data is
validated.
4. If you want to ping each IP address before starting to scan any assets, in order to
exclude unreachable hosts from the scan, select the Ping hosts in this range, before
scanning, to exclude unreachable hosts
check box.
5. If you want to add newly discovered assets to the group where you have defined the
scan—rather than to the Ungrouped Assets group—select the Add newly discovered
assets to group
check box.
Note:
This check box is enabled by default.
6. If you want to add previously known assets that are already defined in other groups
to the scan group, select the Add previously known assets to group (if not already in
group)
check box.
Note:
This check box is enabled by default.