Device Seed Discoveries

Introduction

New in Open-AudIT 4.1.0, we have introduced Device Seed Discoveries. This is another type of discovery, where you provide the IP of a single "seed" device. This device is audited, and any IPs it knows are then added to the list of IP's to be audited. Then, those devices are audited and any IPs they know are also added to the list of IPs for auditing. This process then continues within the parameters configured by the user.

Device Seed Discoveries are a good option if you know that your network consists of a range of subnet's, but you're unsure what they are. Seed the discovery with a local router and watch your network unfold before your eyes.

Parameters

You can limit the Device Seed Discovery to fall within a strict set of parameters, including:

  • Restrict to Subnet
  • Restrict to Private

These parameters enable you to audit only what is useful and relevant to you, saving processing time and allowing you to discover your network in an orderly manner. 

We also have an option to Ping Before Scan (important for routers with long lived ARP caches). This is usually a good idea.

All regular discovery options are also available for use in Device Seed Discoveries.

Summary

The Device Seed Discovery type is the newest highly-effective method for network crawling, giving you the ability to target your network as narrowly or as broadly as you need. It's fast, it works and it's great.

If you have an Open-AudIT Enterprise license, as well as Open-AudIT 4.1.0 or newer, you can try a Device Seed Discovery today. 

If you don't have an Enterprise license, or need to update your software, you can learn more about doing both here.


Technical Details FAQ

How does a Device Seed Discovery find known IPs?

Provided you have the correct credentials, Device Seed Discovery works as follows: 

  • For SNMP devices, OIDs for:
    • ipNetToMediaPhysAddress (1.3.6.1.2.1.4.22.1.2)
    • ipNetToPhysicalPhysAddress (1.3.6.1.2.1.4.35.1.4.3.1.4)
    • atPhysAddress (1.3.6.1.2.1.3.1.1.2)
    • ipRouteEntry (1.3.6.1.2.1.4.21.1.1)
  • For SSH devices:
    • "arp -an" and "netstat -rn" commands.
  • For Windows devices:
    • "arp -a" commands.