Highlighted
Contributor.. Contributor..
Contributor..
96 views

How would you approach discovery as it relates to Authorized vs Unauthorized devices

I have been asked by a Security associate here on how do we know we have all the servers discovered.   I really couldn't answer him properly - I told him that we supply subnets to UCMDB for discovery but he asked how I know I have all the subnets supplied to UCMDB.   And further, how do we know which devices are authorized vs not-authorized?    Does anyone have an existing document that gives guidance in this area or does anyone have any direction on this ?  Thanks !

0 Likes
2 Replies
Highlighted
Frequent Contributor.. Frequent Contributor..
Frequent Contributor..

Re: How would you approach discovery as it relates to Authorized vs Unauthorized devices

Joe,

 

I don't have the exact answer you seek, but we have defined a view that might help.

 

We created a pattern-based view to show IP's with no probe.  They were created by various discovery jobs, like shell and snmp and ARP cache and so forth.

 

You could create a similar view and feed that list of IP addresses in to something like nmap (on the probe) and see what the probe can find via ping), and add those IP's to that probe's discovery ranges.

0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: How would you approach discovery as it relates to Authorized vs Unauthorized devices

Joe;

 

How is 'authorized' defined?  It seems to imply there is a list or something somewhere.  You can find all IPs that respond to a ping via the ICMP jobs and connect to hosts which you have credentials on, but if the server is 'unauthorized'... it probably doesn't have standard credentials, so you wouldn't discover it.  It is a bit of a pickle in that you can never be sure you know everything that you don't know.

Hope this helps,
Keith Paschal
UCMDB Worldwide Support Lead
Micro Focus Support
If you find this or any post resolves your issue, please be sure to mark it as an accepted solution."

Click the KUDOS star on the left to say 'Thanks'
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.