Insight Discovery overview

Platform Notice: Cloud, Server, and Data Center - This article applies equally to all platforms.

Summary

This article is an overview of how the Insight Discovery tool works.

Overview

In general, Insight Discovery is configured to run a network scan periodically. It collects the scanned information in an XML file, then either transfers the file into an import folder, where Insight can use it to import the data, or sends it directly to Insight Cloud.

  1. When a scan is initiated, the Discovery tool looks for the Scan Settings to be executed and allocates a memory object for each IP address within the IP ranges noted

  2. Discovery sends an ICMP ping to each of these IP addresses and notes the response or the timeout (for example, for unreachable hosts)

  3. Discovery then scans the reachable IP addresses along with all forced IPs, which are indicated in the Scan Setting with the modifier ~ (used if the ICMP echo on a host system is disabled)

    1. If ICMP is disabled, each IP is attempted and will either allow the login, reject the login, or time out. The scan will take longer to complete

    2. If ICMP is enabled, login attempts are restricted and only responsive IPs are scanned
  4. Discovery then attempts to log in to all responsive and forced host IPs using saved AES-256 encrypted credentials

    1. Those credentials are stored in a file (credentialstore), encrypted with a password and salted with system information, so you won’t be able to use that file on any other device

    2. While you can migrate the Discovery tool configuration file between different instances of Discovery, you cannot migrate credentials

  5. If login is successful, patterns will be executed on the logged-in host or device, and the discovered data will be mapped to the memory object and later to the Scan Results XML file.

    1. If one Scan Setting contains a huge range of IPs, the Discovery host may run out of memory. For instance, a /16 IP range will allocate memory for roughly 65K possible hosts, while a /24 will allocate memory for only 254 hosts

    2. We recommend that you start with one Discovery instance per network and a small set of IP ranges spread over the day

      1. Then scale up the ranges until you reach the logical limits (time per day, memory)

      2. You need to test it in order to find out, as the actual limit will vary from one instance to another, depending on available resources, number of hosts to scan, amount of scanned data, etc

  6. If the stored credentials are not valid when attempting to connect to a host or device, Discovery will attempt to gather basic information from the ARC Cache

  7. Once all IP addresses are attempted and scanned, the Scan Results XML file will be zipped and transported according to the Export configuration, where it will be picked up by the Insight Discovery Import app, a Discovery Collector, or uploaded into Insight Cloud
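
The range sizing described in step 5 can be worked out before any Scan Setting is created. The following Python sketch is an added example, not part of Insight Discovery or this article's own material; the function names, the per-scan host budget and the 24-hour window are assumptions chosen for illustration, and it handles IPv4 ranges only.

```python
import ipaddress

def hosts_for_prefix(prefix):
    """Hosts in an IPv4 range of this prefix length (/24 -> 254, /16 -> 65534)."""
    size = 2 ** (32 - prefix)
    # Network and broadcast addresses are not counted below /31.
    return size - 2 if prefix < 31 else size

def split_to_budget(cidr, max_hosts):
    """Split one range into equal subnets of at most max_hosts hosts each."""
    if max_hosts < 1:
        raise ValueError("max_hosts must be at least 1")
    net = ipaddress.IPv4Network(cidr, strict=False)
    prefix = net.prefixlen
    # Lengthen the prefix until one piece fits the budget (a /32 always does).
    while hosts_for_prefix(prefix) > max_hosts:
        prefix += 1
    if prefix == net.prefixlen:
        return [net]
    return list(net.subnets(new_prefix=prefix))

def plan_scans(ranges, max_hosts, window_hours=24):
    """Return (start_offset_minutes, cidr, hosts) batches spread over the window."""
    batches = [s for r in ranges for s in split_to_budget(r, max_hosts)]
    plan = []
    for i, subnet in enumerate(batches):
        # Evenly spaced start times so no two batches begin together.
        offset = i * window_hours * 60 // len(batches)
        plan.append((offset, str(subnet), hosts_for_prefix(subnet.prefixlen)))
    return plan

if __name__ == "__main__":
    # Constructed sample input: one /22 and one /24, hypothetical budget of 254.
    for offset, cidr, hosts in plan_scans(["192.168.0.0/22", "10.1.5.0/24"], 254):
        print(f"+{offset // 60:02d}:{offset % 60:02d}  {cidr:<18} {hosts} hosts")
```

Each returned batch corresponds to one candidate IP range entry; the budget is then raised step by step while watching memory and scan duration on the Discovery host, as the recommendation above describes.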

Additional Information

  • The maximum number of scan threads that you can set to run in parallel is: 2 threads per core - 1
  • The SSL protocol is used for transfers between the Discovery tool / Collector and Insight Cloud


Last modified on Sep 26, 2022