Network probing settings are by far the most important item that you want to get right in order to achieve best discovery results. Therefore, every Asset Discovery user is advised to study this section thoroughly, and to contact us if any questions remain.
Important: Before you start, make sure that you have read this section on node names and location IDs.
An Asset Discovery node can probe one or more networks. These networks can be local or remote. You can configure probing individually for each network (and even for individual devices). Before you have configured your networks for probing, Asset Discovery will not discover any asset information. Hence, this configuration step is at the beginning of every install.
Select the network that you want to configure and start with editing metadata
As a first step, select the network that you want to configure by selecting the network object (second level in the tree). This is done by simply clicking on the respective entry in the discovery table.
Network name
In the top section of the network details pane you can and should specify a name for the selected network, which greatly enhances usability. For example, instead of dealing with a non-descript IP address such as 192.168.10.0/24, from which there might be many in your organization, you and your co-workers would find it easier to use something like Converter Bus 3.
Network location ID
Every network in OTbase must be assigned to a location, in order to deal with duplicate network addresses (which are quite common). If you don't set a dedicated location ID for a network, the location will be inherited from the location of the Asset Discovery node. That works just fine until you have multiple networks in that location using the same network address. In such a situation, you must assign individual location IDs to each network in order to help OTbase keeping those networks apart. Check out this article on location IDs for more information.
Export checkbox
his checkbox specifies if you want configuration data from this network to be exported to OTbase Asset Center or not. If the box is not checked, you will see discovery results only in Asset Discovery, but not in Asset Center. Once that you have checked the Export box, the network will also show with a green background in the probing table.
IP address discovery settings
Next you have to specify how you want IP addresses to be discovered.
Here you can be lazy and let Asset Discovery figure out on its own what to do, by selecting "Enabled". For more advanced approaches you can select "Customize" and change, for example, the IP address range that shall be probed, or the number of packets per second.
In local subnets, ARP is the only protocol that is used for address discovery. For remote networks, ARP cannot be used as it cannot be routed. Then you have a choice between ICMP discovery and TCP connection attempts.
For remote networks, ICMP is the method of choice for address discovery. It is the protocol that is also used by the ping command. For situations where ICMP is blocked by a firewall you can select "TCP connection detect", which will have Asset Discovery attempt to open TCP connections for various protocols (as configured by you, see below) over the full IP address range.
Endpoint configuration discovery settings
As the last step in network configuration, select the probing strategy for discovering endpoint configuration. Again, you can make it very simple by selecting "Enabled", in which case Asset Discovery will use all available protocols. Or you can fine-tune the probing by selecting "Customize" and activating or de-activating specific protocols.
SNMP (Simple Network Management Protocol)
Enable SNMP probes to discover network topology. In addition, many endpoint devices deliver useful metadata via SNMP. Note that for some devices, SNMP must be activated on the endpoint as well. If your devices support SNMP, the effort is usually worth it. -- You also have to specify the SNMP community string that is used, and the SNMP version. When using SNMPv3 you also need to specify access credentials. This is not required for SNMP versions 1 and 2.
WinRM (Windows Remote Management)
WinRM is supported as an alternative to WMI because it allows for more accurate identification of cyber vulnerabilities. For setting up WinRM on your Windows computers, see this knowledge base entry. Please note that you also must provide access credentials for an account on the remote Windows computer with admin rights. Credentials will be stored locally in encrypted format and will not be passed to OTbase Asset Center.
WMI (Windows Management Instrumentation)
WMI allows OTbase Asset Discovery to gather information data of your Windows machines. If you positively know that there are no Windows boxes in the given network, you may well disable WMI. If there is a chance that Windows boxes are present, specify if the global access credentials shall be used or if you want to provide network specific credentials. -- If WMI probing fails for Windows machines, check that credentials are set properly and that your WMI/DCOM/firewall configuration allows for WMI access.
SSH (Secure Shell)
SSH allows Asset Discovery to gather configuration data of your Linux and Unix machines. If you are positive that there are no Linux or Unix boxes in the given network, you may well disable SSH. If there is a chance that Linux/Unix boxes are present, specify if the global access credentials shall be used or if you want to provide network specific credentials.
Profinet
Enable Profinet probes if you are using this protocol in the respective process network. If you are positive that Profinet is not used, leave it deactivated.
Siemens S7
Enable Siemens S7 probes if you are using Siemens S7 PLCs in the respective process network. While some S7 PLCs can also be identified using SNMP, S7 probes provide much more detail on things like I/O modules on the backplane.
Modbus
Enable Modbus probes if you are using OT devices in the respective network that use the Modbus/TCP protocol. OTbase Asset Discovery will use Modbus function 43 to get metadata from these devices.
Ethernet/IP (Ethernet Industrial Protocol)
Ethernet/IP is a popuar standard protocol that delivers a wealth of information about network architecture, device identity, hardware and software configuration. Enable this probe type if you are using Ethernet/IP in the respective process network. OTbase Asset Discovery will automatically use CIP route browsing on Ethernet/IP nodes which also act as a gateway.
Emerson ROC
Used for discovering the configuration of Emerson ROC controllers.
After having gone through the whole list, click on "Set" at the bottom of the details pane to save your settings.
Note that for several protocols, such as WinRM, you must configure access credentials. This is documented in a separate knowledge base article.
Comments
0 comments
Please sign in to leave a comment.