How to add a container discovery


This guide explains how to register a Container-type discovery on the Segura platform. This configuration identifies active containers running on monitored hosts, performs the associated searches, and automates import and execution processes.

Access path

  1. In the left sidebar menu, click Management.
  2. Select the Discovery option.
  3. On the main screen, click Add and, in the dropdown menu, choose the Container option.

Fill in the initial settings

  1. In the Settings tab, fill in the following fields:
    • Name: Identifier for the discovery.
    • Container host: Select the host where containers are running.
    • Enabled: Select Yes to activate the discovery.
  2. Click Continue to proceed.

Configure access credentials

  1. In the Connection tab, define the authentication and connection parameters:
    • Access credential: Select the credential stored in the vault that will be used for connection.
    • Network Connector: Select the network connector that will remotely execute the discovery.
    • Configuration password (e.g., enable): Optional password field used on specific devices.
    • Force sudo use: Activate to allow use of sudo commands during execution.
    • Pool of credentials: Optionally, select credential pools for fallback. Click Add to include pools.
  2. Click Continue to proceed.

Select search objects

  1. In the Searches tab, select the items the discovery should look for:
    • Search for credentials
    • Search for device groups
    • Search for certificates
    • Find DevOps artifacts
    • Monitor unauthorized access (1-hour intervals)
    • Identify accounts in application pools (IIS)
    • Search FQDN in Windows devices
    • Identify Windows accounts associated with a service
  2. Click Continue to proceed.

Configure container search

  1. In the Search containers tab, define the container scan scope:
    • Search only running containers: Enable this to limit the scan to currently running containers.
  2. Click Continue to proceed.

Enter plugin information

  1. In the Plugin Information tab, add the plugin data used for discovery:
    • Click Add to include a specific plugin.
    • Enter the Ports (separated by commas) used by the plugin.
    Info:
    • The Windows plugin is required to identify accounts used for services.
    • For the SQL Server plugin, port 1434 is used only for servers with dynamic ports.
  2. Click Continue to proceed.

Set execution rules

  1. In the Execution tab, configure automation settings for the discovery:
    • Keep scan active after import?: Defines whether the scan will continue running after import.
    • Days allowed for execution: Select which days the scan is allowed to run.
    • Periods allowed for execution: Define time intervals during the day (e.g., 08:00–12:00).
    • Minimum interval between executions (in hours): Set the minimum frequency (e.g., 24 hours).
  2. Click Continue to proceed.

Certificates tab

Configure the certificate discovery options:

  • Certificates origin: Apache, Nginx, Tomcat, IIS, Workstation Windows, IBM Websphere, Microsoft CA, Palo Alto, Kubernetes, NetScaler.
  • Search certificates in directories
  • Search certificates without login
  • Import all certificates automatically
  • Extra settings for F5/BigIP: Configure the SOAP port.

DevOps tab

Configure DevOps tool integration:

  • Ansible
    • Enable service
    • Search playbooks
    • Search roles
    • Search hosts
  • Jenkins
    • Enable service
    • Access token
    • Access port
    • Search jobs
    • Search nodes
    • Search users
  • Kubernetes
    • Enable service
    • Select credential
    • Access port
    • Search secrets
    • Bearer token

Review discovery configuration

  1. In the Review tab, confirm all information entered in the previous steps.
  2. After reviewing, click Save to register the discovery.