Device discovery & identification in Micro Edge
Overview
Device visibility allows administrators to see a list of the devices (AKA clients) that are connected to the network in real time. As the attack surface expands with more IoT devices and users connecting with their personal devices (BYOD), admins need to know as much as possible about the devices accessing their networks.
Network Discovery scans your network at a configured interval to locate and identify all devices connected to it. Micro Edge offers three scan methods, called plugins.
Important note: enabling Device Discovery in Micro Edge requires an active Security Edition subscription.
Enabling network discovery
Go to Settings > Services > Network Discovery to manage your client discovery methods.
Plugins
This section enables you to control which methods are used to scan your network and discover devices.
LLDP and NMAP scans can be resource-intensive while scans are running. For that reason, NMAP scans are run in a sequential fashion to minimize any potential performance impact, so results may take time to appear in the Clients listing.
Note that some networking monitoring tools may interpret a network-wide LLDP or NMAP scan as unauthorized traffic.
NEIGHBOR scans are very lightweight and are not expected to have an impact on performance or trigger security/monitoring services.
On-demand scan
To activate a scan immediately, click the Run Sync button. Note that a feature must be enabled to run an on-demand scan.
Viewing devices
Click Clients in the navigation bar to open the clients table. This view provides details about all client devices connected to your network.
All details are as of the time of the scan. The table is updated each time a scan is run.
MAC Address | The hardware address of the device. |
Last Seen | The last time the device was detected by a scan. |
Client Address | The device's IP address. |
Client Interface | The interface which the client is connected to. |
System Info | The kernel or operating system running on the client. |
Host Name | The client's hostname. |
Data Usage | The total amount of data usage by this client, both inbound/received and outbound/sent. |
Active Sessions | The number of sessions active on the client. |
Active Transfer Rate | The client's transfer speed. |
Removing clients
A client is automatically dropped from the Clients view when it has generated no sessions and not been discovered by any Network Discovery scans for 24 hours.
Follow
Comments
0 comments
Please sign in to leave a comment.