Matrix42 Self-Service Help Center

Discovery Rules

Overview

Discovery Rules let you define custom filters and the actions FireScope should take when the Network Discovery Job finds matching devices in its result set. For example, when any Windows 2003 server is discovered, FireScope can automatically link the CI that is created to a specific blueprint or put it into a Logical Group.

Discovery Rules List

As a Configuration Administrator or FireScope Administrator, visit the Configuration > Discovery > Rules page to view, manage, and create Discovery Rules. In the far-right column is a 3-dot button. Clicking this button will reveal a context menu of available actions to take on a given Discovery Rule.

Discovery Rules Edit Form

To create a Discovery Rule, click on the "Add" (+) button in the top-right of the List page. To edit an existing Discovery Rule, click the name from the List, or the Edit Discovery Rule context menu item for the row. 

Details Section

| Field Name | Description | Required? |
|---|---|---|
| Discovery Rule Name | Enter a short, descriptive name for the rule. | Yes |
| Limit to Selected Discovery Job | If you wish to only apply this rule to a specific Network Discovery Job, click the "Edit" button and select the desired job. Alternatively, leave it blank to apply to any Network Discovery Jobs configured to use them. For rules to apply to all Network Discovery Jobs, you must select "Apply Discovery Rules" in the Result Processing Options Panel, Attributes Subsection for the Network Discovery Jobs. | No |

Filter Criteria Panel

  1. Choose the Logic Operator for how the Filters should be combined, using AND or OR logic.
    • AND logic will require all criteria to match before taking action.
    • OR logic will require only 1 of the criteria to match before taking action.
  2. Choose a Filter On field and click the "Add Criteria" button to add a Filter Criteria Row.
  3. Choose the appropriate Where the Value comparison option, and if available, Enter a Value.
    • Each Filter On field will have a unique set of comparison options in the Where the Value dropdown.
    • Some Filter On fields will have a field to enter a value depending on the selected Where the Value dropdown option.

To remove a Filter Criteria, click the Delete (trash can) button.

At least 1 Filter Criteria is required to save the Discovery Rule.

Filter On Field Options

| Filter On | Example | Looks at | Description |
|---|---|---|---|
| Asset Type | Switch | Host | Compares to the Asset Type of the asset found through Discovery. |
| CI Type | Network | Host | Compares to the CI Type of the asset found through Discovery. |
| Comments | like Public | Applications | Checks the descriptions of each application found through Discovery. |
| DNS | foo.FireScope.int | Host | Compares to the DNS of the asset found through Discovery. |
| IP Address | <> 192.168.0.1 | Host | Compares to the IP address of each asset found through Discovery. Must be the complete IP address. |
| Listening Port | 80 | Applications | Determines if there was a response from this port, which indicates a program is actively listening to this port. In this example, we’re looking for active web servers. Use Listening Port in conjunction with the Port Status condition. |
| MAC Address | Err:502 | Host | Compares to the MAC address of each asset found through Discovery. Must be the complete MAC address. |
| Model | Cisco 6509 | Host | Compares to the Model of the asset found through Discovery. |
| Network Distance | 1 | Host | Number of network hops that separate the discovered asset from the FireScope appliance. |
| OS 1 | Like Linux | Host | FireScope performs multiple tests to try to identify the operating system of the discovered asset. The most likely match is OS 1, followed by OS 2 as a secondary check. |
| OS 2 | Not Like Windows | Host | FireScope performs multiple tests to try to identify the operating system of the discovered asset. The most likely match is OS 1, followed by OS 2 as a secondary check. |
| Port Status | #NAME? | Applications | Checks the status of the listening port. Possible values include open, filtered, and closed. Use Port Status in conjunction with the Listening Port condition. |
| Product Name | Like Apache | Applications | When checking ports during a Discovery Job, FireScope queries the name of the application. |
| Product Version | Like 2.1.6 | Applications | After querying a discovered application for its name, FireScope also requests its version number. |
| Protocol | #NAME? | Applications | This condition looks at what protocol was used for scanning a port. Possible values include tcp and udp. Should be used in combination with Port Status to filter only ports that have a listening application. |
| Serial | SCA043703EU | Host | Compares to the Serial Number of the asset found through Discovery. |
| Service Category | #NAME? | Applications | Depending on the type of application that is discovered, it may return a category of service. Many possible outputs exist, depending on the vendor. |
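
The following Python model is an added example, not FireScope code. It shows how AND/OR filters combine and why Listening Port should be paired with Port Status. It assumes that "like" is a case-insensitive substring test and that criteria on Applications fields must all hold on the same discovered application row; the asset records, the `app` helper and all function names are constructed for illustration.

```python
# Simplified model of Discovery Rule filtering; not FireScope's own code.
# Assumptions: "like" is a case-insensitive substring test, and criteria on
# "Applications" fields must all hold on the same discovered application row.
APP_FIELDS = {"Comments", "Listening Port", "Port Status", "Product Name",
              "Product Version", "Protocol", "Service Category"}

def compare(op, actual, expected):
    actual, expected = str(actual).lower(), str(expected).lower()
    if op == "=":
        return actual == expected
    if op == "<>":
        return actual != expected
    if op == "like":
        return expected in actual
    if op == "not like":
        return expected not in actual
    raise ValueError(f"unknown comparison: {op}")

def rule_matches(asset, logic, criteria):
    if not criteria:
        raise ValueError("at least 1 Filter Criteria is required")
    host_crit = [c for c in criteria if c[0] not in APP_FIELDS]
    app_crit = [c for c in criteria if c[0] in APP_FIELDS]
    host_hits = [compare(op, asset.get(f, ""), v) for f, op, v in host_crit]
    # One list of results per application row found on the asset.
    app_hits = [[compare(op, row.get(f, ""), v) for f, op, v in app_crit]
                for row in asset.get("applications", [])]
    if logic == "AND":
        return all(host_hits) and (not app_crit or any(all(r) for r in app_hits))
    if logic == "OR":
        return any(host_hits) or any(any(r) for r in app_hits)
    raise ValueError(f"unknown logic operator: {logic}")

def matching_assets(assets, logic, criteria):
    return [a["name"] for a in assets if rule_matches(a, logic, criteria)]

def app(port, status, product=""):  # builds one constructed application row
    return {"Listening Port": port, "Port Status": status,
            "Protocol": "tcp", "Product Name": product}

# Constructed discovery results for illustration.
ASSETS = [
    {"name": "web01", "OS 1": "Linux 4.15",
     "applications": [app(80, "open", "Apache httpd"), app(22, "open", "OpenSSH")]},
    {"name": "db01", "OS 1": "Linux 5.4",
     "applications": [app(80, "closed"), app(5432, "open", "PostgreSQL")]},
    {"name": "win01", "OS 1": "Windows Server 2003", "applications": [app(80, "filtered")]},
]
PORT_ONLY = [("Listening Port", "=", "80")]
OPEN_WEB = PORT_ONLY + [("Port Status", "=", "open"), ("Protocol", "=", "tcp")]
```

With the constructed data, `PORT_ONLY` selects every asset on which port 80 was scanned, including the closed and filtered ones, while `OPEN_WEB` selects only the host with a listening web server.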

Action Panel

Select an Action from the dropdown that will be taken if the Filter Criteria is met. Available actions at the time of this writing:

  • Link to Blueprint: Select a Blueprint from the Blueprint Picker to be assigned to the scanned Configuration Items (CIs).
  • Unlink from Blueprint: Select a Blueprint from the Blueprint Picker to be removed from the scanned CIs.
  • Add to New Logical Group: Enter the name of a new Logical Group to be created, and the scanned CIs will be added to it. The Logical Group will be created when the Discovery Rule is saved, and this rule will be updated to "Add to Existing Logical Group," as the group will now exist.
  • Add to Existing Logical Group: Select a Logical Group from the Logical Group Picker, and the scanned CIs will be added to it.
  • Remove from Logical Group: Select a Logical Group from the Logical Group Picker, and the scanned CIs will be removed from it, if they are members.
  • Add to New Service Group: Enter the name of a new Service Group to be created, and the scanned CIs will be added to it. The Service Group will be created when the Discovery Rule is saved, and this rule will be updated to "Add to Existing Service Group," as the group will now exist.
  • Add to Existing Service Group: Select a Service Group from the Service Group Picker, and the scanned CIs will be added to it.

Deleting Discovery Rules

From the Discovery Rules List, a Configuration Administrator or FireScope Administrator can use the context menu in the far-right column to select the "Delete Discovery Rule" option and follow the modal prompts to completion.

From the Discovery Rule Edit Form, a Configuration Administrator or FireScope Administrator can click the Delete (trash can) button at the bottom of the page, and follow the modal prompts to completion.

Deleting a Discovery Rule will not impact any other object. All associated Discovery Jobs will remain.