addmi 12-basic scan


Upload: odanyboy

Post on 12-Jun-2015

Page 1: Addmi 12-basic scan

© 2009 BMC Educational Services

Scanning Basics

Telling Atrium Discovery What and When

Page 2: Addmi 12-basic scan

© 2010 BMC Educational Services

The Basics of Scanning Outline

Basic Discovery Essentials:

- What to scan
  - IP ranges
  - Credentials
  - Exclude ranges
- When to scan
  - Setting up discovery runs
- View Results
  - Discovery Run details
  - Node details
  - Provenance details

Page 3: Addmi 12-basic scan

The Basics of Scanning

- Scanning is a process of probing your network to see what information can be gathered about the endpoints found
- You need to tell Atrium Discovery:
  - What to scan (and perhaps what not to scan)
    - IP ranges (one, or a range, or a list)
  - How to access a host (endpoint)
    - Credentials available (for logging in)
    - Where the Windows Slave is installed

This is covered in depth later in the course

Page 4: Addmi 12-basic scan

The Discovery Process

Scan of an IP range via the discovery run:

- The discovery engine tries each IP address in the range looking for endpoints
- Checks for matches in the exclusion list
- Determines the host and OS type (platform)
- If the host has had a previous successful login, the same credentials will be attempted first
- If not, login credentials will be attempted in the UI display order, UNIX first then Windows and finally SNMP
- Runs a platform-specific script, and potentially other commands, to learn about the device
- Writes this information into the datastore

Page 5: Addmi 12-basic scan

Choosing IP Ranges

Accessed via “Add new run”

- List individual machines to scan, e.g. 231.234.11.32
- Choose subranges, e.g. 10.1.1.1-56
- Choose subnet mask, e.g. 192.168.1/24

Page 6: Addmi 12-basic scan

Scheduling Runs

Can add ad-hoc (snapshot) or scheduled discovery runs

Page 7: Addmi 12-basic scan

Choose the Scanning Level

- Sweep scan - is there anybody there?
  - Note: Host nodes will NOT be created at this level
- Host Identification - basic host information
- Host Information - run discovery commands but not patterns
- Full discovery - the works

Page 8: Addmi 12-basic scan

What Scanning Level to Use

For general use:

- Full Discovery, to ensure the most information is recovered

During initial deployment:

- Sweep Scans, to get a rough understanding of the environment before configuring credentials

Page 9: Addmi 12-basic scan

Discovery Protocols

Without logging in:

- Telnet banner scraping
- Port scanning
- HTTP HEAD

Logging in:

- SSH, rlogin, telnet
- WMI, remcom, rcmd
- SNMP

Port scanning, telnet banner, HTTP HEAD

ssh, telnet, rlogin, SNMP, rcmd

Page 10: Addmi 12-basic scan

Scanning Credentials

- You can add credentials for single devices and ranges
  - Can use regex wildcards
  - Will be tried in display order
- Login credentials
- SNMP credentials
- Database credentials

Page 11: Addmi 12-basic scan

Login Credentials

- Can create credentials for a single device IP or range
  - Can use regex (.* or 10.10.10.(23|25)) or a range specification (10.10.10.* or 10.10.1-5.* or 10.10.10.0/24)
- Will try each credential in the order displayed
- By default, will store the last successful credentials for each host to use in future runs

Page 12: Addmi 12-basic scan

Setting SNMP Credentials

- SNMP credentials are called community strings
- Use or request a read-only (RO) string for Tideway discovery

Page 13: Addmi 12-basic scan

Add Exclude Ranges

Add IP ranges of hosts that should NOT be included in discovery

Useful for excluding sensitive or fragile hosts
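
The exclusion check and credential ordering described on the Discovery Process, Login Credentials and Exclude Ranges slides can be modelled as below to preview which accounts a given host will see login attempts from. This is an added example, not BMC or Tideway code: the function names, credential names and sample data are hypothetical, the range matching is an interpretation of the slide notation (regex forms are not handled), and it assumes a remembered credential is only reused if it still matches the host.

```python
import ipaddress

def octet_matches(pattern, value):
    """Match one octet against '*', 'N' or 'N-M' (range notation from the slide)."""
    if pattern == "*":
        return True
    lo, _, hi = pattern.partition("-")
    return int(lo) <= value <= int(hi or lo)

def spec_matches(spec, ip):
    """True if ip is covered by spec: single address, CIDR, or per-octet wildcard/range."""
    addr = ipaddress.ip_address(ip)
    if "/" in spec:
        return addr in ipaddress.ip_network(spec, strict=False)
    parts = spec.split(".")
    if len(parts) != 4:
        raise ValueError(f"unsupported range spec: {spec!r}")
    return all(octet_matches(p, o) for p, o in zip(parts, addr.packed))

def credential_plan(ip, excludes, credentials, last_success):
    """Return credential names in the order they would be attempted, or None if excluded.

    credentials:  list of (name, range_spec) in UI display order.
    last_success: dict of ip -> credential name that worked on a previous run.
    """
    if any(spec_matches(s, ip) for s in excludes):
        return None  # host is in an exclude range: no login is attempted
    order = [name for name, spec in credentials if spec_matches(spec, ip)]
    prev = last_success.get(ip)
    if prev in order:  # assumption: a stale credential that no longer matches is ignored
        order.remove(prev)
        order.insert(0, prev)
    return order

# Constructed sample configuration (hypothetical names and addresses).
CREDS = [("unix-ops", "10.10.1-5.*"), ("unix-dc", "10.10.10.0/24"), ("win-admin", "10.10.10.*")]
EXCLUDES = ["10.10.10.23"]
LAST_OK = {"10.10.10.25": "win-admin"}

if __name__ == "__main__":
    for host in ("10.10.10.25", "10.10.10.30", "10.10.3.7", "10.10.10.23"):
        print(host, credential_plan(host, EXCLUDES, CREDS, LAST_OK))
```

Every credential listed ahead of the one that works is a failed login on the target, so broad range specifications placed high in the display order are worth reviewing.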

Page 14: Addmi 12-basic scan

Discovery Results

Page 15: Addmi 12-basic scan

View Discovery Results

- Can look at the types of data recovered
  - DDD (Directly Discovered Data)
- View discovery access reports
  - Reporting on discovery as a whole

Page 16: Addmi 12-basic scan

View Discovery Runs

- View statistics of an individual discovery run
- Can drill down to view the host details page or details from DiscoveryAccess
- Skipped or error results
  - Some no access details
  - No Response (dark space)
  - Errors

Page 17: Addmi 12-basic scan

Further Information

Online Documentation: http://www.tideway.com/confluence/display/81/Using+BMC+Atrium+Discovery

Tideway Foundation

Version 7.2

Documentation

Title

Page 18: Addmi 12-basic scan

Basic Scan Exercises