Skip to main content
Matrix42 Self-Service Help Center

Discovery

Use multiple discovery engines to initially populate Configuration Items (CIs).

Overview

FireScope includes multiple discovery engines as a means of initially populating Configuration Items (CIs), identifying changes in infrastructure and augmenting configuration data from integration partners.  Each discovery engine is configured independently, enabling you to choose which engines are appropriate for your environment and to schedule ongoing scans at an appropriate frequency based on the rate of change in your environment.  For example, you may want Network discovery to run only once a week if you are rarely introducing new physical servers or devices, while VMware discovery may be scheduled daily if you are frequently activating and decommissioning VMs.  Additionally, if you are pulling CI data from a CMDB integration partner, there is an option to automatically run discovery against each CI brought over, which can be useful for augmenting the configuration data pulled over and to identify the available attributes for monitoring.

For best results, multiple discovery scans using all appropriate engines should be used.  Each discovery engine can be configured to either automatically create and profile detected systems, or to follow a manual method whereby discovery results are only captured.  If using the manual method, administrators will need to view the discovery results and select the specific CIs that they want to monitor with FireScope.

Note: Discovery is by nature a somewhat invasive process. ALWAYS get approval from your Network Administrator before running Discovery jobs.

All discovery scans can be configured by navigating to the Discovery Job section of the Configuration menu.  You will need a minimum of Configuration Administrator permission to configure Discovery Jobs.  Prior to using any discovery scans, please make sure that all appropriate credentials have been configured.

The following is a short description of the available discovery engines.  Configuration of each engine is discussed in this section of the User Guide. 

  • Amazon AWS – The Amazon Web Services (AWS) discovery utilizes a connectivity to your CloudWatch account to create AWS attributes and map your instances as CIs. This enables monitoring for your cloud deployment and the hosted applications.
  • Load Balancer – The Load Balancer will be scanned to discover Cluster dependencies.
    For Cluster dependencies to be found, ensure you have added the proper SNMP credentials for the Load Balancer.
  • Network – This discovery engine is an NMap style network scan.  Initially, a range of IP addresses is scanned via ICMP to identify which addresses are currently in use.  This is followed by OS fingerprint discovery, SNMP discovery and a test of well known ports which can identify service applications such as Apache, MySQL, Active Directory and more.  These scans also check to see if a FireScope Agent has been deployed, which can further augment discovery results.
  • Dependency Discovery– This discovery engine listens to aggregate network activity between systems, either looking for URL end-points for web-based applications or for specific application communications (e.g. Active Directory).  From these starting points, you can choose the ones you care to monitor and the discovery will follow transaction paths or downstream communication to identify all of the dependencies of these services.
  • Network Topology – Using nearest neighbor and related commands, this discovery engine is designed to walk your network to identify what is plugged into what.  This helps the solution understand the physical dependencies within the infrastructure, such as which servers are connected to a given switch.
  • Virtual (VMware) – Leveraging VMware’s Engineering API, this discovery engine calls your vSphere or Vcenter instance and pulls down an inventory of your virtualized infrastructure, including physical hosts, VMs, data stores, data centers and more.  

Creating a Discovery Job

Click on Service Configuration > Discovery Jobs > Create. New Discovery Job page will be displayed.

NOTE:  All Discovery Jobs are created using this same initial page, but the subsequent pages and instructions will vary depending on which Job Type you select.

clipboard_e5fb7ee78d53704385710400925fdceca.png
  1. Job Information
    1. Name: Provide a name for this Discovery Job
    2. Edge Device:  Specify the Edge Device that will be executing this Discovery Job
    3. Job Type:  Select one of the Job Types listed – AWS, Load Balancer, Network, Topology, or Virtual
       
  2. Job Scheduling
    1. Enable Discovery Job:  Select to enable this job
    2. Run Once:  Select if you only want to run this job one time
    3. Frequency: Select the frequency that this job should run in minutes
    4. Timeout:  Select the maximum elapsed time the job should run before timing out

Creating an Amazon AWS Discovery Job

Job Type:  Select Amazon AWS and the Amazon AWS Discovery Settings page will be displayed.

clipboard_eecc918380199ef9c12c8f269a66c06c5.png

Connection Credentials

  1. Manage Connection Credentials:  Click this to specify the credentials required to access AWS
  2. Amazon AWS Connection: Click on the Edit button to display a list of possible AWS connections and select 1.
  3. Proceed to Result Processing Options – discussed below.

Creating a Load Balancer Discovery Job

Job Type:  Select Load Balancer and the Load Balancer Settings page will be displayed.

clipboard_ea2a0fd461d0f6f9c4a072a76548cdb83.png
  1. Global Discovery Exclusions: Click this button to specify a List of IPv4, IPv4 Ranges, CIDRs or Hostnames to exclude from Discovery Jobs, even if they are part of the Job’s specified network range.  It is recommended that you try to exclude any items that you can to make processing more efficient.
  2. Cluster Address: Enter the IPv4 or Hostname of the Cluster to scan. Limit: 1
  3. Proceed to Network Analysis Options – discussed below.

Network Discovery

Discoveries are essentially configured jobs of your network, whereby FireScope SDDM interrogates each asset it detects to identify what type of device it is

  • Identify what operating system is running on it
  • Check for specific active ports Each job can be scheduled to run periodically to identify new assets.

Note: To accomplish the above task the device IP should be pingable. If the ping on a device is disabled, the discovery will fail and not find any of the above information.

Create a Network Discovery Job

Job Type:  Select Network and the Network Discovery Settings page will be displayed.

clipboard_e6b82788543c00d72bc7c28a5cb27ba9f.png
  1. Manage Global Discovery Exclusions: Click this button to specify a List of IPv4, IPv4 Ranges, CIDRs or Hostnames to exclude from Discovery Jobs, even if they are part of the Job’s specified network range.  It is recommended that you try to exclude any items that you can to make processing more efficient.
  2. Global Discovery Exclusions: This area will be populated after making the exclusions on the Manage Exclusions page
  3. Address Inclusions: Enter and additional address you want to include using IPv4, IPv4 with Octet Ranges, CIDRv4, or Hostname. Comma-separate values [,].
  4. Additional Address Exclusions: Enter and additional address you want to exclude using IPv4, IPv4 with Octet Ranges, CIDRv4, or Hostname. Comma-separate values [,].
  5. Proceed to Network Analysis Options – discussed below.

Topology Discovery

The Topology Discovery feature in SDDM enables you to detect and map your network environment.  It creates a complete view of your assets and their interconnections which can be helpful in keeping the network functioning effectively. It can also be helpful in detecting any network problems. This feature provides an option to scan only the specified IP. Topology Discovery utilizes SNMP credentials.

 Create Network Topology Discovery Job

Job Type:  Select Topology and the Topology Discovery Settings page will be displayed.

clipboard_ebf8af818f98599a429d0ea65909ce30f.png
  1. Manage Global Discovery Exclusions: Click this button to specify a List of IPv4, IPv4 Ranges, CIDRs or Hostnames to exclude from Discovery Jobs, even if they are part of the Job’s specified network range.  It is recommended that you make an effort to exclude any items that you can to make processing more efficient.
  2. Global Discovery Exclusions: This area will be populated after making the exclusions on the Manage Exclusions page
  3. Starting IP Address:     This is where the discovery job will initially connect to the network. This IP address must be visible to the specified Edge Device.     For the best results, use a router as the starting IP address.
  4. IP Inclusions: Enter and additional address you want to include using IPv4, IPv4 with Octet Ranges, CIDRv4, or Hostname. Comma-separate values [,].
  5. Additional IP Exclusions: Enter and additional address you want to exclude using IPv4, IPv4 with Octet Ranges, CIDRv4, or Hostname. Comma-separate values [,].
  6. Proceed to Result Processing Options – discussed below.

Note: If any IP Inclusions are specified below, the starting IP address must be within the inclusions for discovery to work correctly.

Virtual Discovery

FireScope SDDM takes advantage of the Virtual Infrastructure Java API to communicate directly with VMWare Virtual Center, enabling direct access to all health metrics for the virtual center as well as the physical hosts and virtual machines associated with it. Using this process does not require an agent installation, nor any additional software. FireScope can discover VMware Assets by connecting to the VMWare Virtual Center API. Once a Virtual Center connection has been defined a Discovery Job is created. Log into FireScope SDDM as a FireScope or Configuration Administrator.

 Create Virtual Discovery Job

Job Type:  Select Virtual and the Virtual Discovery Settings page will be displayed.

clipboard_e5987e7e4e5fe710d06a06a9076d33c72.png

Connection Credentials

Virtual Environment Credentials:  Click Manage Connection Credentials to Select the connection to the Virtual Environment (or vCenter) to discover Host & Guest information.

Virtual Environment Connection: Click the edit button to select a connection

Address Settings

Address Inclusions:  Leave blank for “allow all,” or enter a whitelist of IPv4, IPv4 Ranges, CIDRv4s, or Hostnames. Comma-separate values [,].

Proceed to Network Analysis Options – discussed below.

Network Analysis Options

Select Network Analysis Options to display the Network Analysis Options page

clipboard_e43592ccedd9bfe413f8e90bf1534ad89.png

Scan Intensity: Define the number of process threads that will be used to execute the discovery scan. A higher number of threads will result in a faster scan, at the cost of increased network traffic from the FireScope Appliance. A lower number will result in a lower level of network traffic, but the scan will take longer to complete.

  1. Attempt Domain Name Resolution: By selecting this option FireScope Discovery attempts to resolve discovered IP addresses to Fully Qualified DNS hostnames.
  2. Attempt Operating System Analysis: FireScope Discovery will attempt to perform an Operating System analysis based on the ports it identifies as Open and Listening.
  3. Analyze Remote Procedure Call Ports: When an open Remote Procedure Call service port is identified, Discovery will attempt to query it to find other open RPC services on the discovered host.
  4. Analyze Network Service Ports: FireScope Discovery can identify open Network Services on discovered CIs. When an open TCP service port is identified, Discovery will attempt to query it and identify the Network Service name, and version for that Listening Port.
  5. Analyze Well-Known OS Ports: FireScope Discovery utilizes open TCP ports to assist in performing Operating System analysis and identification. While you can specify a list of ports to use to perform the Scan, FireScope also provides a list of ‘well-known’ Operating System ports. This list of well-known ports will be added to the scan to improve OS detection. The full list of currently well-known OS Ports included in this option:
  6. Analyze Network Route: FireScope Discovery can determine the network location and distance of discovered IP CIs. This is done by tracing the route path to the discovered IP address.
  7. Collect NetApp ONTAP Data: Connect to NetApp ONTAP with available credentials and create NetApp specific metrics.
  8. Collect SNMP Data: FireScope Discovery can identify and query SNMP enabled devices on your network. Enabling this option allows the Discovery engine to execute SNMP queries using the SNMP credentials supplied (including SNMPv3) in the order listed. This can result in a more accurate device and service identification. For more information on SNMP polling and community strings, please reference the FireScope Administration guide
  9. Collect SSH Data:  FireScope Discovery use SSH to execute commands on the server in order to gather information about the devices on your network. Enabling this option allows the Discovery engine to authenticate as the specified users in the order listed below. This can result in an agentless scan, with a more accurate device and service identification.
  10. Collect WMI Data: FireScope Discovery use the Windows Management Interface to gather information about the devices on your network. Enabling this option allows the Discovery engine to authenticate as the specified users in the order listed below. This can result in an agentless scan, with a more accurate device and service identification.
  11. Port Checks (TCP and UDP):This defines the specific probe that you wish FireScope to conduct. You define a probe based on the Service you check and the port. A given Job can include multiple checks.

Result Processing Options

Select Results Processing Options to display the Results Processing Options page

clipboard_e537f5b830757a2a95b8742d8c4ac61b3.png
clipboard_ee17e2ffacb42c5e9f9a8178598327771.png

Business Services

  1. Create Dependencies: If enabled, relevant Dependencies will be created as “New” between any Configuration Items discovered.
  2. Create a Service Group from Results: If enabled, any dependencies that are created will be placed into a new Service Group with this Discovery Job’s name.

Configuration Items

  1. Create Configuration Items from Results: If enabled, new Configuration Items will be created from devices at an IP address not previously associated with a Configuration Item.
  2. Update Existing Configuration Item Inventory: If enabled, “Configuration Item Inventory” information will be refreshed for existing Configuration Items only.
  3. Execute a Network Discovery Job on results: For certain types of Discovery Jobs, an additional Network Discovery Job may be run on the discovered IPs to better define the Configuration Item Inventory results.

Attributes

  1. Manage Discovery Rules: If any discovery Rules have been created, enable this option to apply them to newly discovered Configuration Items
  2. Apply Discovery Rules: If any Discovery Rules have been created, enable this option to apply them to newly discovered Configuration Items

Blueprint Assignments

Note: The details of applying Blueprints will vary based on the type of Discovery Job being created. A couple of examples are described below.

  1. Blueprint: Select a Blueprint with Blueprint Attributes describing how Device Inventory information will be configured & labeled.  The Blueprint Attributes should have the appropriate macros used in their names (where applicable) to make distinctions between similar components.
  2. SNMP Object ID Blueprints: For the specified SNMP Object IDs (OIDs), select a blueprint that contains blueprint attributes to describe its metric, and specify the response column containing the description to use in the attribute. Blueprint attributes should have the appropriate macros used in their names (where applicable) to make distinctions between multiple attributes of the same metric on similar components.

Credentials

Select Credentials to display the Credentials page

clipboard_e9f46527373f9c0be3e5742da84c9af58.png

SNMP Credentials: When trying to access a device, the selected credentials will be tried in the order they are saved. To give priority to a specific credential, drag it to the top of the list.

NetApp ONTAP Credentials: When trying to access a device, the selected credentials will be tried in the order they are saved. To give priority to a specific credential, drag it to the top of the list.

SSH Credentials: When trying to access a device, the selected credentials will be tried in the order they are saved.  To give priority to a specific credential, drag it to the top of the list.

WMI Credentials: When trying to access a device, the selected credentials will be tried in the order they are saved. To give priority to a specific credential, drag it to the top of the list.

Edit, View, Disable or Delete a Network Discovery Job:

  1. Log in to FireScope as a FireScope or Configuration Administrator.
  2. Click Configuration > Discovery Job > List. The Discovery Job page lists all the current Discovery Jobs for the selected Edge Device.  Note: You can filter and sort the list using the column headers.
  3. Find the Discovery Job that you want to Delete or Disable in the List
  4. Go to the end of row for that Discovery Job and click on the 3 dots
  5. Select the action you would like to take – Edit, View, Disable or Delete
    1. If Disable or Delete a confirmation window will be displayed.
      1. Click on OK to confirm
    2. If Edit you will proceed to the Edit Discovery Job Page
    3. If View Results you will proceed to the Discovery Job Results page

Click on Configuration > Discovery Job > List. The Discovery Job List page will be displayed.

clipboard_e5b01561a6b4e5429aa6c57425074a052.png

The list may be sorted and grouped by the column headings shown

 

Discovery Exception

You can view information about any errors or exceptions that are found during a network discovery scan. Click on Configuration > Discovery Job > Result Exceptions. The Discovery Result Exceptions page will be displayed.

clipboard_e4e679c6b42f8db1790810853ae8b93a9.png
  1. If, after reviewing the Exception, you want to Edit the Discovery Job, you may do so by clicking on the 3 dots at the far right of the row that has the exception.

Discovery Rules Settings

Discovery settings define how FireScope SDDM should respond when assets matching specific parameters are discovered. For example, for any asset running Windows 2003 Server that FireScope discovers, you want to automatically: It filters the results of all discovery jobs. Add the CI to the Windows Servers Logical Group.

  • Link the CI to the Windows and Windows Disks Blueprints
  • Create a CI

Create Discovery Rules:

  1. Log in to FireScope SDDM as a FireScope or Configuration Administrator.
  2. Click Configuration > Discovery Job > Rules. The Discovery Rules page will be displayed.
clipboard_eb38cfeccbe9ed0c0bfe5de811b22c38e.png
  1. In the top right corner, click the + sign and the New Discovery Rule page will be displayed.
clipboard_e019fa2c851ba5c74c0a3968193cd3ee3.png

Details

Discovery Rule Name: Provide a unique name for this Discovery Rule Limit to Selected Discovery Job: Only Network or Load Balancer Discovery Jobs. Limit: 1

Filter Criteria – Selecting Filter Criteria displays the Filter Criteria page shown below.

clipboard_e324644ac8e257650d9f09a5d72786ebb.png
  1. Choose logic Operator: Use “AND” if all criteria are required; use “OR” if only 1 criterion is required.
  2. + Add Criteria: Click this to add additional filter criteria to this Discovery Rule.
  3. Filter On: Make a selection from the Filter On selector at the bottom of the page.
  4. Where the Value: Make a selection for the type of evaluation you want to do.
  5. Enter a Value: Enter the value that you want to do an evaluation on.

Action – Selecting Action displays the Action page shown below.

clipboard_edb7fd0e01e7d3921a10f71e0c29f6266.png
  1. Select an Action: Select the action you would like to perform when SDDM has detected a match to your rule
  2. Action Component: To the right of the Select an Action field is a blank line whose contents will vary depending on the action selected.  Clicking the Edit button will allow you to make a selection appropriate for the desired action from the tray on the right of the screen.

New Filter Options

The following table describes the Discovery Rule filter options.

Condition Example Looks at Description
Asset Type Switch Host Compares to the Asset Type of the asset found through Discovery.
CI Type Network Host Compares to the CI Type of the asset found through Discovery.
Comments like Public Applications Checks the descriptions of each application found through Discovery.
DNS foo.FireScope.int Host Compares to the DNS of the asset found through Discovery.
IP Address <> 192.168.0.1 Host Compares to the IP address of each asset found through Discovery. Must be the complete IP address.
Listening Port 80 Applications Determines if there was a response from this port, which indicates a program is actively listening to this port. In this example, we’re looking for active web servers. Use Listening Port in conjunction with the Port Status condition.
MAC Address Err:502 Host Compares to the MAC address of each asset found through Discovery. Must be the complete MAC address
Model Cisco 6509 Host Compares to the Model of the asset found through Discovery.
Network Distance 1 Host Number of network hops that separate the discovered asset from the FireScope appliance.
OS 1 Like Linux Host FireScope performs multiple tests to try to identify the operating system of the discovered asset. The most likely match is OS 1, followed by OS 2 as a secondary check.
OS 2 Not Like Windows Host FireScope performs multiple tests to try to identify the operating system of the discovered asset. The most likely match is OS 1, followed by OS 2 as a secondary check.
Port Status #NAME? Applications Checks the status of the listening port. Possible values include open, filtered, and closed. Use Port Status in conjunction with the Listening Port condition.
Product Name Like Apache Applications When checking ports during a Discovery Job, FireScope queries the name of the application.
Product Version Like 2.1.6 Applications After querying a discovered application for its name, FireScope also requests its version number.
Protocol #NAME? Applications This condition looks at what protocol was used for scanning a port. Possible values include tcp and udp. Should be used in combination with Port Status to filter only ports that have a listening application.
Serial SCA043703EU Host Compares to the Serial Num of the asset found through Discovery
Service Category #NAME? Applications Depending on the type of application that is discovered, it may return a category of service. Many possible outputs exist, depending on the vendor.

Edit, Enable, Disable or Delete Discovery Rules:

  1. Log in to FireScope SDDM as a FireScope or Configuration Administrator.
  2. Click Configuration > Discovery Job > List. The Discovery Rules list page will be displayed.
  3. Find the rule that you want to edit and go to the far right and click on the three dots to edit the Rule
  4. Edit, Enable, Disable or Delete the Rule as needed.
  5. Click on the Save button.


Note: You can filter and sort the list using the column headers.

SysObjectID Model Mapping

To enhance Network Discovery and CI Profile results map SNMP SysObjectIDs to Models.

Create SysObjectID Model Mappings Click on SysObjectID Model Mappings button on the discovery network page. SysObjectID Model Mappings page will be displayed.

clipboard_ee4abdb1cdf3c328533b1f7cc10a24481.png
  1. Click on the Create button (on the upper right-hand corner). Create SysObjectID Mappings page will be displayed.
clipboard_e6b591743122fd28310249b3f59c78e2e.png
  1. Enter System Object ID
  2. Select Manufacturer from the drop-down list
  3. Select Asset Type from the drop-down list
  4. Enter Model number.

To Edit or Delete a SysObjectID

  1. Click on the SysObjectID on the existing SysObjectIDs page.
  2. SysObjectID Mappings page will be displayed.
  3. Alternatively, you can click on the three dots at the end of the row for the particular SysObjectID you are interested in to Edit or Delete to the SysObjectID mapping.
clipboard_e2280f12ca51e4eb613214016cef1ec1f.png
  1. Make necessary changes and click on the Save button.

Deleting a Job

When you delete a job, only the results will be affected. CIs created from this job will be left intact. Without the job results, the hierarchy view will no longer be available.

Clusters

You can create Clusters by running a Load Balancer Discovery Job or you can create them manually. If any new Clusters are discovered by the discovery job they will be added to the Cluster List as Pending. You can click on the check box next to the Pending cluster and click on the Approve Selected button (top right corner of the page). The status of the newly found Clusters will change to Approved and upon approval Logical Group, Delegate CI(Cluster/VIP) and Cluster Member will be created.

To Create a Cluster Manually

  1. Click on Configuration > Clusters > Create. New Cluster page will be displayed.
clipboard_e699b7a91d0f60f327937950e17b45e67.png
  1. Enter Name for this Cluster.
  2. Select the Cluster Type from the drop-down box.
  3. Logical group will be created when you Save this cluster.
  4. Delegate CI: Select a CI to designate as this Logical Group’s delegate. Note: This CI should be used to contain any grouped check Attributes based on this Logical Group and can be used with Logical Group Blueprint applications.
  5. Port: Enter the appropriate Port.

Cluster Members: Select the Configuration Items to add the members of the clusters.

To View Clusters

  1. Click on Configuration > Clusters > List. The Cluster List page will be displayed.
clipboard_e6cd32c7fd648a528be7195e8cffcf44d.png
  • Was this article helpful?