Discovering Assets in Your Network

Applies to Product: USM Appliance™ LevelBlue OSSIM®

Understanding what is in your environment is a critical step towards identifying threats and vulnerabilities.

When you complete the Asset Discovery task in the Getting Started Wizard, you can use the built-in asset discovery capability to do the following:

  • Scan your networks and find assets
  • Manually enter assets
  • Import assets from a CSV file

Note: Before scanning a public network space, see Addendum Notice Regarding Scanning Leased or Public Address Space .

Scan and Add Assets window for Getting Started Wizard.

This task informs LevelBlue USM Appliance about the network topology. This enables you to successfully run asset scans, vulnerability scans, and use other built-in capabilities.

To scan your networks for asset discovery

  1. From the Asset Discovery page of the Getting Started Wizard, click Scan Networks.
  2. On the Scan Networks page, choose one or more networks to scan.

    Scan Networks window for Getting Started Wizard.

    You should already have one or more networks defined, based on either the default management interface or on any additional networks that you defined that were not on the same subnet. See Configuring Network Interfaces.

    If you do not see the desired network, you can add or import them on this page, see Adding More Networks Manually or Importing Networks From a CSV File, respectively.

  3. Click Scan Now.

    The confirmation page displays the number of assets that can be scanned, based on the network defined.

  4. Confirm the asset scan by clicking Accept.

    5. Note: If you created a large network (for example, 10.10.10.0/16), the scan may take a long time. We suggest that you create smaller networks. You can stop the scan while it is running, but no asset data will be retained if you do so, and you must run the scan again.

  5. After the scan has finished, USM Appliance prompts you to schedule a recurring scan. This periodic scan helps you discover any changes in the environment promptly.

    The default is a weekly scan.

  6. To change the frequency to either daily or monthly, expand the list box. To select no scan, click the "x."
  7. Click OK to accept and continue.

Adding More Networks Manually

To add more networks manually

  1. On the Scan Networks page, type a meaningful name into the Add Networks field to describe the network, for example, DMZ or Employee Office.
  2. Type the CIDR notation for the network.
  3. (Optional) Type a description for the network to distinguish it, if helpful.

  4. Click +Add.

    Note: If you make a mistake and define the network incorrectly, use the delete icon (trash icon) to delete and re-enter the network.

Importing Networks From a CSV File

To import networks from a CSV file

Note: Pay attention to the formats allowed in the CSV files. The CIDR field is required. It can be a comma-separated list. The delimiter for the columns is a semicolon.

  1. Click Import from CSV to display more options.
  2. Click Choose File and select a CSV file.
  3. Click Import to upload the selected file.

You can also import a list of assets from a CSV file.

To import assets from a CSV file

  1. Click Import from CSV.

    The Import Assets from CSV popup appears.

  2. Click Choose File and select a CSV file.

  3. Click Import to upload the selected file.

    A confirmation screen displays showing the number of hosts that have been imported.

If you do not have access to a list of assets in the form of a CSV file, you can quickly add them manually.

To add an asset manually

  1. On the Scan & Add Assets page, type a meaningful name for the asset (for example, domain controller).
  2. Type the IP address in the field provided.
  3. Choose the asset type from the list.

  4. Click +Add.

  5. After you have finished adding all the assets, click Next at the bottom-right corner to proceed.