Asset Discovery identifies newly network-attached services early and scans them before they create a risk for the whole company. Newly network-attached services often carry vulnerabilities in the form of incomplete patches or insecure configurations, so it is important to set up a periodic scan, find dangling assets and run a security scan immediately.
To use the Asset Discovery flow, Asset Discovery must first be enabled on one of the appropriate NormShield agents.
Clicking the Asset->Asset Discovery menu opens the screen below. To create a new Asset Discovery configuration, click New Configuration.
The Asset Discovery configuration dialog opens, and the necessary input fields should be filled in.
The fields are explained below:
Creation Type: Choose between entering a single IP block or multiple blocks in a given format. When entering a single IP block, there is no need to enter any labels, since they are already selected below. When multiple IP blocks are entered, their corresponding labels should be given along with the IP blocks. The multiple IP block format can be viewed by clicking the question mark button next to the IP Block textbox or textarea.
IP Block: The target IP block (or blocks, in the multiple-block format) that will be scanned to discover new assets.
Agent: The agent selected to execute the asset discovery on behalf of the NormShield portal. For complex and segmented networks, this option lets the security practitioner select the appropriate agent for asset discovery on particular networks.
Start Date: The start date & time of the asset discovery scan.
Frequency: How often the asset discovery scan should be executed: one time only, daily, weekly or monthly.
Max Run Hour: The maximum execution time of the asset discovery scan, in hours. This is also the timespan for any automatically created vulnerability scans for newly found assets, should you choose to execute a vulnerability scan with the options below.
Parameters: Shown only when the Advanced button is clicked. These nmap parameters are used during scanning. The default value is: -sn -v -n (see the nmap reference).
Asset Priority: The priority to assign when a new asset is discovered.
Asset Label(s): The label or labels to assign when a new asset is discovered. For multiple IP blocks, the labels are assigned according to the format described above. When no label is given in that format, these label values are assigned to newly found assets.
Create Vuln Scan: Whether to execute a vulnerability scan when a new asset is discovered.
Scan Policy: If so, which already defined scan policy to use.
Agent: The agent that will be used for vulnerability scans. For complex and segmented networks, this option lets the security practitioner select the appropriate agent for vulnerability scans on particular networks.
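The following is an added example, not NormShield code: it shows how a ping sweep run with the default parameters (-sn -v -n) can be turned into a list of new assets by comparing live hosts against a known inventory and applying per-block labels with a default fallback. The -oG output option, the block-to-label mapping, the sample addresses and the priority value "High" are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample of `nmap -sn -v -n -oG -` output for two blocks.
# -oG (grepable output) is an assumption added for parsing. With -v, nmap
# also lists hosts that are down; with -n the hostname field stays empty.
SAMPLE_GREPABLE = (
    "# Nmap scan initiated as: nmap -sn -v -n -oG - 10.20.0.0/29 10.20.1.0/30\n"
    "Host: 10.20.0.1 ()\tStatus: Up\n"
    "Host: 10.20.0.2 ()\tStatus: Down\n"
    "Host: 10.20.0.3 ()\tStatus: Up\n"
    "Host: 10.20.1.1 ()\tStatus: Down\n"
    "Host: 10.20.1.2 ()\tStatus: Up\n"
)

HOST_LINE = re.compile(r"^Host: (\S+) \(.*?\)\s+Status: (Up|Down)\s*$")


def live_hosts(grepable):
    """Return the addresses reported Up, skipping the Down lines that -v adds."""
    hosts = set()
    for line in grepable.splitlines():
        m = HOST_LINE.match(line)
        if m and m.group(2) == "Up":
            hosts.add(ipaddress.ip_address(m.group(1)))
    return hosts


def new_assets(grepable, blocks, known, default_labels, priority):
    """Diff live hosts against the known inventory and label each new one.

    blocks maps a CIDR string to its labels (hypothetical structure); an
    empty label list falls back to default_labels.
    """
    nets = [(ipaddress.ip_network(c), labels) for c, labels in blocks.items()]
    nets.sort(key=lambda n: n[0].prefixlen, reverse=True)  # most specific first
    known_ips = {ipaddress.ip_address(k) for k in known}
    found = []
    for ip in sorted(live_hosts(grepable) - known_ips):
        for net, labels in nets:
            if ip in net:
                found.append({"ip": str(ip), "priority": priority,
                              "labels": list(labels or default_labels)})
                break
    return found


def demo():
    blocks = {"10.20.0.0/29": ["dmz"], "10.20.1.0/30": []}  # constructed
    return new_assets(SAMPLE_GREPABLE, blocks, ["10.20.0.1"], ["unreviewed"], "High")


if __name__ == "__main__":
    for asset in demo():
        print(asset)
```

Hosts returned by new_assets are the ones that would be candidates for an immediate vulnerability scan; hosts marked Down are ignored rather than treated as assets.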