Some protocols that Asset Discovery uses require access credentials for authenticated access. Examples are WMI, SSH, and SNMP v3. Without proper credentials, Asset Discovery will not be able to pull configuration details from those devices.
ASSET DISCOVERY DOES NOT CHANGE ANY CONFIGURATION SETTING ON YOUR DEVICES AND WILL WORK FINE WITH READ-ONLY ACCESS RIGHTS.
If supported by the protocol in question, you can deny write access for the account that Asset Discovery uses to probe your devices.
You can set access credentials on three different levels:
- per node (being used as a global default for all devices in all networks)
- per network (being used as a default for all devices in one network)
- per device (overwriting any defaults).
All credentials are stored in an encrypted file format, keeping the information confidential.
Node-wide default credential settings
In the node configuration settings you can set defaults for WinRM, WMI, SSH, and SNMP credentials.
Clicking on the "..." button will pop up a dialog where you can specify multiple user/password pairs. This is convenient if some devices use different credentials than others. Asset Discovery will then use the second (or third, fourth...) credentials entry to establish a connection. Just note that some SIEMs may view this as a hacking attempt, so you may want to check back with your network department before using multiple credentials.
Save your settings by clicking "Set" at the bottom of the details pane.
Network-wide credential settings
You can also specify credentials by network, which is particularly useful if endpoints in one network use shared credentials that differ from those used in other networks. Any credentials that you specify for a network will override global credentials (for the Asset Discovery node) that you may have set.
When intending to use network specific settings, make sure to select "network setting" instead of "global setting" for the network in question.
In order to set network-specific credentials, select a network in the object table. In the details pane, set "Discover endpoint configuration" to "Customize", if you haven't done so already. Then select the protocol for which you want to specify network-specific credentials and change "Credentials" from "Global setting" to "Network setting". In the protocol specific credentials field that is then activated you can specify your network credentials in a similar manner as you know it from the node-level credentials.
Finally, save your credentials by clicking "Set" at the bottom of the pane.
Device-specific credential settings
If node-wide and network-wide credentials need to be overwritten for a device, you can do so by using the following procedure:
- Select the device in the discovery table
- In the drop-down menu in the details pane, select "General"
- Specify the access credentials for this device
- Save the settings by clicking "Set" at the bottom of the pane