How to add a device discovery

This document provides information on how to add a device discovery in the Segura® Platform. This configuration enables the automatic identification of assets based on an IP range and supports additional integrations, filtering, scheduling, and import features.

Add a device discovery

To add a device discovery, see the following steps:

On Segura® Platform, in the navigation bar, hover over the Products menu and select Discovery.
In the side menu, select Management > Discovery.
In the Discovery report, click Add.
Select Device as the discovery type.
In the Settings tab, enter the following information:
1. In the Name * field, enter a name for the discovery.
2. Optional: In the Enable origin-based segregation (IP range) field, toggle to enable origin-based segregation. By enabling this option, the glossary’s field Version ID string * will be ignored. Make sure to have an IP segregation configured; otherwise, this field won’t work. More information in How to create a discovery segregation through IPs.
3. In the Initial IP * field, enter the starting IP of the range.
4. Optional: In the Final IP field, enter the final IP of the range.
5. Optional: In the Site field, enter the site where your device is located.
6. In the Enabled * field, select Yes or No to enable or disable the discovery.
Click Continue.
In the Connection tab, enter the following information:
1. In the Access credential field, select a credential.
2. Optional: In the Network Connector field, select the network connector responsible for performing the scan.
3. Optional: In the Configuration password (ex: enable) field, enter the configuration password for devices such as switches.
4. Optional: In the Force sudo use field, enable to force the commands to run with sudo on Linux or Unix.
5. Optional: In the Access using pool of credentials section, click + Add to select the pool of credentials.
  1. Select the pool and click Add.
Click Continue.
In the Searches tab, select the following information:
1. In the Search for credentials field, select to discover credentials.
2. In the Search for devices groups field, select to discover devices groups.
3. In the Search for certificates field, select to discover certificates.
4. In the Find DevOps artifacts field, select to discover DevOps artifacts.
5. In the Monitor unauthorized access (1 hour intervals) field, select to monitor unauthorized credential access every hour.
6. In the Identify accounts in application pools (IIS) field, select to discover credentials in IIS application pools.
7. In the Search FQDN in Windows devices field, select to obtain Windows devices’ FQDN.
8. In the Identify Windows accounts associated with a service field, select to discover Windows credentials associated with services.
Click Continue.
In the Plugin Information tab, select the following information:
1. In the Plugins for discovery section, click + Add to select the plugins used for discovery and enter the port.
  Info
  - The Windows plugin is required to identify Windows accounts used for services.
  - The SQL Server plugin uses port 1434 only for servers with dynamic ports.
Click Continue.
Optional: In the Execution tab, enter the following information:
1. In the Keep scan active after import? * field, select to keep the discovery looking for new credentials after the first import.
2. In the Days allowed for execution section, select when the discovery will run.
3. In the Periods allowed for execution section, select at what times the discovery will run.
4. In the Minimum interval between runs section, select the interval between each scan of the discovery.
Click Continue.
Optional: In the Import tab, enter the following information:
1. In the Enable automatic importation of devices and credentials? * field, toggle it to enable automatic importation of devices and credentials directly into [PAM Core]().
2. In the Credential import section, click + Add to enter the credentials’ username to be imported automatically.
Click Continue.
Optional: If you selected to discover certificates through the discovery, enter the following information in the Certificates tab:
1. In the Certificate’s origin field, select the origin of the certificate.
2. In the Import all certificates automatically field, toggle it to import all certificates found directly to Certificate Manager.
3. In the Port for access via SOAP (F5/BigIP) field, enter the port for access if you select F5 or BigIP as the origin of the certificate.
Click Continue.
Optional: If you selected to discover DevOps artifacts through the discovery, enter the following information in the DevOps tab:
1. For Ansible settings:
  1. In the Enable Ansible service field, toggle to enable Ansible service.
  2. In the Search playbooks field, toggle to search for playbooks.
  3. In the Search roles field, toggle to search for roles.
  4. In the Search hosts field, toggle to search for hosts.
2. For Jenkins’ settings:
  1. In the Enable Jenkins service field, toggle to enable Jenkins service.
  2. In the Search jobs field, toggle to search for jobs.
  3. In the Search nodes field, toggle to search for nodes.
  4. In the Search users field, toggle to search for users.
  5. In the Jenkins’ access token field, select what access token to use.
  6. In the Access port field, enter the access port.
3. For Kubernetes’ settings:
  1. In the Enable Kubernetes service field, toggle to enable Kubernetes service.
  2. In the Search secrets field, toggle to search for secrets.
  3. In the Bearer token field, toggle to use bearer tokens.
  4. In the Credential access Kubernetes field, select the credential to access Kubernetes.
  5. In the Access port field, enter the access port.
Click Continue.
In the Review tab, review all information entered previously and click Save.

The newly created discovery will appear on the Discovery report screen.