Host Discovery

2023-11-10 06:50:46

Host discovery uses the hosts that have the Server Security Defender agent installed to discover other hosts in your environment. This helps you comprehensively understand the status of your hosts.

If you do not know the exact number of your hosts, or new hosts have been added, you can use this feature to discover the hosts on which the Server Security Defender agent is not installed. To deploy the Qingteng agent on specific hosts for IT maintenance, you must know which hosts do not have the Server Security Defender agent installed.

Three discovery methods:

  • ARP Cache Discovery: The address resolution protocol (ARP) cache stores the most recent mapping records between Internet addresses and hardware addresses. The system searches for the IP information stored in the ARP cache table on a host with the agent installed to obtain information about the hosts connected to that host. Required settings: N/A

  • Ping Discovery: The system sends ping packets to discover new hosts. Supported systems: Linux and Windows. Required settings: Set the IP range to be scanned.

  • Nmap Discovery
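The ARP cache method described above can be illustrated with the following added example, which is not the product's own code. It assumes the Linux `/proc/net/arp` table layout; the sample table, the inventory addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the Linux /proc/net/arp layout (not product output).
SAMPLE_ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
10.0.4.1         0x1         0x2         52:54:00:aa:10:01     *        eth0
10.0.4.17        0x1         0x2         52:54:00:aa:10:11     *        eth0
10.0.4.23        0x1         0x0         00:00:00:00:00:00     *        eth0
10.0.4.31        0x1         0x2         52:54:00:aa:10:1f     *        eth0
10.0.4.40        0x1         0x6         52:54:00:aa:10:28     *        eth0
"""

ATF_COM = 0x02  # Linux ARP flag: entry is complete (hardware address resolved)


def parse_arp_table(text):
    """Return {ip: mac} for resolved entries; skip incomplete or malformed rows."""
    neighbours = {}
    for line in text.splitlines()[1:]:  # first row is the column header
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], fields[2], fields[3].lower()
        try:
            ipaddress.ip_address(ip)
            complete = int(flags, 16) & ATF_COM
        except ValueError:
            continue
        if complete and mac != "00:00:00:00:00:00":
            neighbours[ip] = mac
    return neighbours


def unmanaged_hosts(arp_text, managed_ips, ignored_ips=()):
    """List (ip, mac) neighbours that are neither agent-managed nor ignored."""
    known = {str(ipaddress.ip_address(ip)) for ip in (*managed_ips, *ignored_ips)}
    seen = parse_arp_table(arp_text)
    return sorted(
        ((ip, mac) for ip, mac in seen.items() if ip not in known),
        key=lambda pair: ipaddress.ip_address(pair[0]),
    )


if __name__ == "__main__":
    # Hypothetical inventory: .17 runs the agent, the gateway .1 is ignored.
    for ip, mac in unmanaged_hosts(SAMPLE_ARP_TABLE, ["10.0.4.17"], ["10.0.4.1"]):
        print(ip, mac)
```

The incomplete entry for 10.0.4.23 is dropped because no hardware address was resolved for it, so only neighbours that actually answered are reported.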

1. Scan Task Management

  • Create a scan task.

Choose System Management > Workload Discovery > Scan Task > New Scan and create a scan task as needed. The following figure shows the configuration page.


Settings

Basic settings

1. Task name (required)

Specify a task name. You cannot leave this field empty, and the task name must be unique.

2.  Initiating host (required)

An initiating host must be a host that has the agent installed. Host discovery discovers hosts based on the initiating hosts. You can select one of the following options to specify initiating hosts:

  • All hosts

  • Service group

  • Custom hosts

You must specify at least one initiating host, and multiple initiating hosts are supported. After you select a service group or a host, the tasks that include the service group or host are displayed. Note that if multiple tasks run on a host, the performance consumption of the host increases.

3. Timed scan (optional)

Set up a timer for scheduled scanning.

  • Use the default setting

If you do not set a timer, the default setting is used and the system executes the task only once.

  • Set up a timer

If you set up a timer for the task, the system executes the task based on the specified time interval. The rules for setting up a timer:

You must enter an expression in crontab format to set up a timer. The system automatically checks the format, and displays the entered content if the format is correct. If the entered content does not match the crontab requirements, an error is reported.

4. Get the operating system (optional)

You can specify whether to get information about the operating systems of the devices that are not managed by Server Security Defender.

Use the default setting

By default, the task does not scan the operating systems of the devices that are not managed by Server Security Defender.

Scan operating systems

If you enable this feature, the task scans the operating systems of the devices that are not managed by Server Security Defender. Note that the resource consumption of the task increases if this feature is enabled.

5. Scan CIDR Blocks

You can specify CIDR blocks for Ping scan and Nmap scan. You can use the default setting or specify custom CIDR blocks.

Use the default setting

If the default setting is used, the system scans only the CIDR block to which the IP address of the scan host belongs.

Specify CIDR blocks

You can specify the CIDR blocks that you want to scan. You must specify at least one CIDR block. If you specify multiple CIDR blocks, check for errors such as overlapping CIDR ranges and invalid IP addresses.
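The following added example, which is not the product's own validation code, shows one way to pre-check a list of custom CIDR blocks for the errors named above before entering them in a scan task. The function names and the sample list are constructed for illustration.

```python
import ipaddress

# Constructed sample input: two invalid entries and one overlapping pair.
SAMPLE_BLOCKS = [
    "10.0.4.0/24",
    "10.0.4.128/25",    # lies inside 10.0.4.0/24
    "10.0.300.0/24",    # octet out of range
    "192.168.1.10/24",  # host bits set, not a network address
    "172.16.0.0/16",
]


def check_cidr_blocks(blocks):
    """Return (valid_networks, errors) for a list of CIDR strings."""
    valid, errors = [], []
    for raw in blocks:
        text = raw.strip()
        try:
            # strict=True rejects entries whose host bits are set.
            valid.append(ipaddress.ip_network(text, strict=True))
        except ValueError as exc:
            errors.append(f"{text!r}: invalid CIDR block ({exc})")
    # Compare every pair once; only same-version networks can overlap.
    for i, a in enumerate(valid):
        for b in valid[i + 1:]:
            if a.version == b.version and a.overlaps(b):
                errors.append(f"{a} overlaps {b}")
    return valid, errors


def distinct_address_count(networks):
    """Count addresses covered after merging overlapping or adjacent blocks."""
    total = 0
    for version in (4, 6):
        same = [n for n in networks if n.version == version]
        total += sum(n.num_addresses for n in ipaddress.collapse_addresses(same))
    return total


if __name__ == "__main__":
    nets, problems = check_cidr_blocks(SAMPLE_BLOCKS)
    for problem in problems:
        print("ERROR:", problem)
    print("addresses to scan:", distinct_address_count(nets))
```

The distinct address count gives a rough sense of how much work a Ping or Nmap scan over the listed blocks represents on the initiating hosts.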

Scan method setting

Select at least one scan method from ARP cache scan, Ping scan, and Nmap scan. Note that if you select multiple methods, the performance consumption of the host increases. If you select the Nmap scan method, you need to complete the corresponding settings.

 

Nmap scan

You need to configure the CIDR blocks that you want to scan and the protocol and port for scanning. You can use the default settings or configure custom settings.

Protocol

Use the default setting

If the default setting is used, the TCP protocol is used for scanning.

Specify a protocol

You can specify UDP only, TCP only, or both.

You must specify at least one protocol.

 

Port

Use the default setting

If the default setting is used, the system scans specific ports.

Specify ports

You must specify at least one valid port. The system will check whether the ports you specified are valid ports.

More scan settings

You can also customize scan settings by configuring the following items. If you do not specify these items, the default settings will be used.

1. Maximum number of concurrent scans

2. Maximum number of packets sent per second

3. Interval of tasks assigned by the server (The value is accurate to one decimal place. The unit is seconds. Note that the value cannot exceed the upper limit.)

  • Start scanning

Click Start Checking to start a scan task immediately instead of waiting for the scheduled time.

  • Delete a scan task

Click the delete icon to delete the current scan task. Note:

(1) Ongoing tasks cannot be deleted.

(2) Deleting a task does not delete the existing scan results of the task.

  • Modify a scan task

You can modify the configurations of a task. The method of modifying a task is similar to that of creating a task. Note:

(1) Ongoing tasks cannot be modified.

(2) Modifying a task does not affect the existing scan results of the task.

  • Update data dependency

2. Scan Results

The hosts that do not have the Server Security Defender agent installed are displayed on the Scan Results page. On this page, you can specify the start time and end time to filter the hosts that you want to view.

3. Ignored Host List

The hosts that you manually ignored are displayed on the Ignored Host List page. Select the hosts that you want to ignore and click the Ignore Host button to move them to the ignored host list.

You can un-ignore an ignored host. The host will then be moved back to the scan result list.
