Set up Discovery Agent (optional)

The Discovery-Agent (Windows) is optional to use for the following situations:

  • Discover data from systems that are not always online (like Office-Computers or Notebooks)
  • Collect data from Windows System without opening the inbound WMI Port & the Dynamic DCOM Ports

Inside of the "Discovery_x.x.x.zip" you can find the "Discovery_Agent_Setup.msi" Installer package.

Install the Discovery Agent and make sure that the Firewall will accept connections from the inbound Port 51337.

For collecting the data configure the Optional Agent Settings of the Discovery tool.

The file transfer between the Discovery-Tool and the Windows Agent is AES 128 encrypted.
For each transfer both tools are exchanging a session key for the encryption. Learn how to configure the Agent Token

Configuration

For the Discovery-Agent there are a few possible configurations.

It is recommended that you just deploy and run the Agent without any changes.

If it is required the following setting can be manually edited in the Agent.cfg:

SettingDescription
ScanLogLevel

With the "Normal"-Setting the Log file will only contain basic information's.

With the "Extended"-Setting the Log file will contain every information about the discovery scan.

With the "Debug"-Setting the Log file will contain very much Information that can help for support you by a Problem.

AgentPortThe default listener port is 51337, if you change that port you must also change the agent port in the Discovery-Tool configuration file (Discovery.cfg)
UseAllNetworkInterfaces

Set to “false” by default.

To configure the Agent to listen to any active network interface, set this to "true".

UseIPMatching

By default, the Agent listens on the first active IPv4 network interface.

To configure the Agent to listen to matching IPv4/IPv6 network masks, set a value. For example, “192.168.5.85/24“ “2001:db8:abcd:0012::0/64“

If you configure both the above settings (“UseAllNetworkInterfaces“, “UseIPMatching”), the Agent only uses the “UseIPMatching” setting.

DeleteLogsAfterHere you can set the days after the logfiles will be deleted, default is 7 days.
DisableTCPListener

If you set it to "true" the Agent will not start the TCP-Listener,

it is useful when you use the direct copy option.

DirectCopyPath

If you want it is possible that the Agent directly copy the scan result files to another system (i.e. the Jira/Assets-System).

You must use a full UNC-Path like "\\myserver\import\schemaname"

If these options are configured the Agent will transfer the result data as .xml file to the configured target path.

ScanInterval

Set the interval of performed scans in hours.

Default is 24 hours.

SFTPSettings

It is possible to add a SFTP transfer configuration.

If these options are configured the Agent will transfer the result data as .xml file to the configured target path.

Add the following xml content to the Agent.cfg (inside of the <Settings>-Node)

<SFTPSettings>
    <ExportPath>192.168.2.2/discovery/import</ExportPath>
    <UserName>yourUser</UserName>
    <Password>mysecurepassword</Password>
    <TransferReties>5</TransferReties>
    <TranserRetryInterval>30</TranserRetryInterval>
</SFTPSettings>

or use "Discovery_Agent.exe -setupsftp" (this will execute a small console configuration for the sftp transfer)

Note that the password will be encrypted during the first startup.

Last modified on Jan 9, 2024

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.