Network probing settings are by far the most important item to get right in order to achieve the best discovery results. Therefore, every Asset Discovery user is advised to study this section thoroughly, and to contact us if any questions remain.
Important: Before you start, make sure that you have read this section on node names and location IDs.
Select the network that you want to configure and start with editing metadata
As a first step, select the network that you want to configure by selecting the network object (second level in the tree).
In the top section of the network details pane you can and should specify a name for the selected network, which greatly enhances usability. For example, instead of dealing with a nondescript IP address such as 192.168.10.0/24, of which there might be many in your organization, you and your co-workers would find it easier to use something like Converter Bus 3.
Network location ID
Every network in OT-BASE must be assigned to a location, in order to deal with duplicate network addresses (which are quite common). If you don't set a dedicated location ID for a network, the location will be inherited from the location of the Asset Discovery node. That works just fine until you have multiple networks in that location using the same network address. In such a situation, you must assign individual location IDs to each network in order to help OT-BASE keep those networks apart. Check out this article on location IDs for more information.
This checkbox specifies whether you want configuration data from this network to be exported to OT-BASE Asset Center or not. If the box is not checked, you will see discovery results only in Asset Discovery, but not in Asset Center. Once you have checked the Export box, the network will also show with a green background in the probing table.
Here you can specify IP address ranges that shall be included or excluded in the probing.
Network probing configuration
After you have set the general settings properly, click on the drop-down menu in the details pane and go to the probing configuration settings.
Here you can select or de-select the protocols which will be used for probing this network. Please process the settings from top to bottom.
ARP (Address Resolution Protocol)
Enable ARP probing if you want OT-BASE Asset Discovery to discover all IP devices in this network. If you don't enable ARP probing, you may still manually enter IP addresses in the device table that will be probed, but you won't be able to learn about any new devices. -- When using ARP probing, you may limit the number of ARP requests per second if you are concerned about bandwidth. For remote (routed) networks, you cannot use ARP as it is a non-routable protocol. Use ICMP instead.
ICMP (Internet Control Message Protocol)
Enable ICMP probing for remote networks to discover all IP devices in those networks. When probing remote networks, i.e., networks that the computer on which you are running Asset Discovery can only reach via routing, but not directly through a network interface, ARP cannot be used. ICMP acts as an alternative. The use of ICMP in local networks is discouraged because ARP is much faster than ICMP and fulfills the same purpose.
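The location ID rule and the ARP/ICMP guidance above can be checked against a planned configuration before it is entered. The following is an added example, not OT-BASE code: the inventory format, the `routed` flag, the finding names and the location IDs are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

NODE_LOCATION = "PLANT-A"  # hypothetical location ID of the Asset Discovery node

# Constructed inventory; field names are illustrative, not an OT-BASE format.
NETWORKS = [
    {"name": "Converter Bus 3", "cidr": "192.168.10.0/24", "location": None,
     "routed": False, "protocols": {"ARP", "SNMP"}},
    {"name": "Converter Bus 4", "cidr": "192.168.10.0/24", "location": None,
     "routed": True, "protocols": {"ARP", "SNMP"}},
    {"name": "Packaging", "cidr": "10.20.0.0/16", "location": "PLANT-A-PKG",
     "routed": True, "protocols": {"ICMP"}},
    {"name": "Control Room", "cidr": "172.16.5.0/24", "location": None,
     "routed": False, "protocols": {"ICMP", "WMI"}},
]

def lint(networks, node_location):
    """Return sorted (network name, finding) pairs for a probing plan."""
    findings, seen = [], defaultdict(list)
    for net in networks:
        # A network without its own location ID inherits the node's location.
        location = net["location"] or node_location
        cidr = ipaddress.ip_network(net["cidr"], strict=False)
        seen[(location, cidr)].append(net["name"])
        if net["routed"] and "ARP" in net["protocols"]:
            findings.append((net["name"], "arp-on-routed"))   # ARP is not routable
        if not net["routed"] and "ICMP" in net["protocols"]:
            findings.append((net["name"], "icmp-on-local"))   # discouraged, ARP is faster
    for names in seen.values():
        if len(names) > 1:  # same address, same location: assign individual location IDs
            findings.extend((name, "duplicate-address") for name in names)
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in lint(NETWORKS, NODE_LOCATION):
        print(f"{name}: {finding}")
```
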
SNMP (Simple Network Management Protocol)
Enable SNMP probes to discover network topology. In addition, many endpoint devices deliver useful metadata via SNMP. Note that for some devices, SNMP must be activated on the endpoint as well. If your devices support SNMP, the effort is usually worth it. -- You also have to specify the SNMP community string that is used, and the SNMP version. When using SNMPv3 you also need to specify access credentials. This is not required for SNMP versions 1 and 2.
WMI (Windows Management Instrumentation)
WMI allows OT-BASE Asset Discovery to gather information from your Windows machines. If you positively know that there are no Windows boxes in the given network, you may well disable WMI. If there is a chance that Windows boxes are present, specify whether the global access credentials shall be used or whether you want to provide network-specific credentials. -- If WMI probing fails for Windows machines, check that credentials are set properly and that your WMI/DCOM/firewall configuration allows for WMI access.
WinRM (Windows Remote Management)
WinRM is supported as an alternative to WMI because it allows for more accurate identification of cyber vulnerabilities. For setting up WinRM on your Windows computers, see this knowledge base entry.
SSH (Secure Shell)
SSH allows Asset Discovery to gather configuration data from your Linux and Unix machines. If you are positive that there are no Linux or Unix boxes in the given network, you may well disable SSH. If there is a chance that Linux/Unix boxes are present, specify whether the global access credentials shall be used or whether you want to provide network-specific credentials.
Enable Profinet probes if you are using this protocol in the respective process network. If you are positive that Profinet is not used, leave it deactivated.
Enable Siemens S7 probes if you are using Siemens S7 PLCs in the respective process network. While some S7 PLCs can also be identified using SNMP, S7 probes provide much more detail on things like I/O modules on the backplane.
Enable Modbus probes if you are using OT devices in the respective network that use the Modbus/TCP protocol. OT-BASE Asset Discovery will use Modbus function 43 to get metadata from these devices.
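To show what a function 43 exchange carries, the following added example (not OT-BASE code) builds a Modbus/TCP Read Device Identification request (function 43, MEI type 14) and parses the reply into named identification objects. The sample response is constructed for a fictional device, and the vendor, product and revision strings are assumptions.

```python
import struct

FC_ENCAPSULATED = 0x2B       # Modbus function 43
MEI_READ_DEVICE_ID = 0x0E    # MEI type 14, Read Device Identification
BASIC_OBJECTS = {0x00: "VendorName", 0x01: "ProductCode", 0x02: "MajorMinorRevision"}

def build_request(transaction_id, unit_id, read_code=0x01, object_id=0x00):
    """Read code 0x01 asks for the basic identification objects as a stream."""
    pdu = bytes([FC_ENCAPSULATED, MEI_READ_DEVICE_ID, read_code, object_id])
    # MBAP header: transaction id, protocol id 0, length of unit id + PDU, unit id
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu

def parse_response(frame):
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:
        raise ValueError("inconsistent MBAP header")
    pdu = frame[7:]
    if pdu[0] & 0x80:
        raise ValueError("device answered with a Modbus exception response")
    if len(pdu) < 7 or pdu[0] != FC_ENCAPSULATED or pdu[1] != MEI_READ_DEVICE_ID:
        raise ValueError("not a Read Device Identification response")
    more_follows, next_object_id, count = pdu[4], pdu[5], pdu[6]
    objects, pos = {}, 7
    for _ in range(count):
        if pos + 2 > len(pdu):
            raise ValueError("truncated object header")
        obj_id, obj_len = pdu[pos], pdu[pos + 1]
        value = pdu[pos + 2:pos + 2 + obj_len]
        if len(value) != obj_len:
            raise ValueError("object length exceeds frame")
        name = BASIC_OBJECTS.get(obj_id, f"object_0x{obj_id:02x}")
        objects[name] = value.decode("ascii", "replace")
        pos += 2 + obj_len
    return {"unit_id": unit, "transaction_id": tid, "objects": objects,
            "more_follows": more_follows == 0xFF, "next_object_id": next_object_id}

def sample_response():
    """Constructed reply from a fictional device; not captured from real hardware."""
    items = [(0, b"ExampleVendor"), (1, b"EX-1000"), (2, b"1.2.3")]
    body = b"".join(bytes([i, len(v)]) + v for i, v in items)
    pdu = bytes([0x2B, 0x0E, 0x01, 0x01, 0x00, 0x00, len(items)]) + body
    return struct.pack(">HHHB", 1, 0, len(pdu) + 1, 1) + pdu

if __name__ == "__main__":
    print(build_request(1, 1).hex())
    print(parse_response(sample_response()))
```
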
Ethernet/IP (Ethernet Industrial Protocol)
Ethernet/IP is a popular standard protocol that delivers a wealth of information about network architecture, device identity, hardware and software configuration. Enable this probe type if you are using Ethernet/IP in the respective process network. OT-BASE Asset Discovery will automatically use CIP route browsing on Ethernet/IP nodes which also act as a gateway.
Used for devices that are discovered using a command line interface via Telnet. Presently only SEL devices are supported with this option.
If you want to make your life as simple as possible, simply click on the Enable all protocols button for each network. However, this is not the smartest or most efficient configuration setting. In real life, if you have a basic knowledge of the networks that you want to probe, you already know what to expect within them. This knowledge can be used to fine-tune the probing. For example, if you know that in a given network there are no Linux/Unix boxes, there's no need to probe for SSH. If you know that there are no Windows boxes, you can leave WMI disabled. And so on.
After having gone through the whole list, click on "Set" at the bottom of the details pane to save your settings.
CIP Route Browsing
OT-BASE Asset Discovery supports CIP Route Browsing. That means if you are using Ethernet/IP, CIP networks "behind" a device that Asset Discovery connects to can be discovered as well. Once Asset Discovery detects a module that acts as a CIP gateway, a new network is automatically created as in the example below. However, for such a network, you can't change much other than the timeout and the packet rate.
Asset Discovery does not automatically drill down into remote CIP networks unless the Export flag is set in the general network settings. You can also select the remote CIP network in the network table and manually initiate a probe, or check the probing results from the last scheduled run (if Export is set).
For the device that acts as the CIP router, no device details are available (those can be examined in the previous hop).
Adding remote (routed) networks
In order to add remote networks for probing, select the Asset Discovery object and right-click to open the context menu.
In the dialog box that pops up, input the network address in CIDR format and click "OK".
Thereafter, the new network appears in the probing table, where you can select it and fine-tune the configuration settings.