An overview of all network devices existing in the company is elementary. It is the basis of any measures to increase the security level. To automatically and permanently scan your network for its participants, install a Watchdog that handles asset discovery.

Set up Asset Discovery

1. To perform an Asset Discovery, you need an installed Watchdog. After installation, go to the settings of the installed Watchdog.

2. Go to 'Watchdogs' and simply click on the corresponding watchdog.

3. If you wish, you can assign an alias.

4. To start with Asset Discovery, activate the option "Permanent monitoring". The watchdog now permanently scans the network traffic for new IP addresses and transmits its intermediate results in five minute intervals. You will therefore receive the first results in the Inventory and Asset Map after only five minutes.

Which configurations are possible in detail, you can read in the section Watchdogs.

Inventory

The inventory collects in list form all assets detected by Asset Discovery. The overview also provides further details: Subnet, manufacturer and details of the device (if stored), which watchdog found the asset and when it was last seen.

With the searchbar you can search and filter the inventory.

Click on an asset to add more information to the inventory. Several fields are available for this purpose: Categorize your assets, assign an alias and appropriate tags, assign responsibilities, and store the location.

Once you have reviewed the asset and documented it accordingly, you can mark the asset as "reviewed". This means that you have taken care of the asset. A green icon then appears in front of the asset in the inventory.

You can use the button to the right of the IP address to switch to the Asset Map so that you can see where the asset is located.

You can also set up a ping and port check of assets directly from the inventory. Learn more about the possibilities of agentless monitoring at Observations.

Asset Map

The asset map provides a graphical representation of the results of the asset discovery. The assets are grouped by subnets and/or Watchdogs.

Click on the assets for more information.

Reports

Have reports output to PDF. Just click on 'Create Report' and you will get a PDF overview of all assets in the inventory.

Watchdogs

You get an overview of all installed Watchdogs. The list shows the version of the watchdog, the scanable network area, the IPS and the status.

Add Watchdog

To add a watchdog just press the button Add Watchdog and execute the source code with root rights on a linux powered server or computer.

Configuring Watchdog

To configure your watchdog simply click on it.

General Settings

Give your Watchdog a name of your choice - an alias. So you keep a better overview of your watchdogs.

Activate Permanent monitoring to start Asset Discovery. Subsequently, the Watchdog permanently scans the network traffic for new IP addresses and transmits its interim results in 5-minute intervals.

To detect all assets, Watchdog starts an active network scan at regular intervals. With an active network scan (pings, port scans, etc.) the Watchdog provokes network connections and finds IP addresses that have not generated network traffic on their own. Define how often an active network scan should be performed. The more often you let it run, the faster all new assets are found. However, frequently performed active scans also put a strain on your network. By default we set an interval of 60 minutes.

How long assets detected by the watchdog remain in the inventory is entirely up to you. You can save the assets permanently or perform an Active inventory cleanup. This means that you can set a number of days after which the entries are deleted from the inventory if an asset was no longer accessible during this time. If you want to delete all inventory entries of a watchdog, you can use the option "Inventory clean up" (top right).

Networks

Under Networks you can configure subnets that should be monitored by the Watchdog. These options are relevant for you if you have segmented your network and want to perform asset discovery across the segments.

To do this, enter the Classless Inter-Domain Routing (CIDR) of the individual subnets. Assign a name and description and a color. The selected color of the respective subnet is used in the Asset Map.

If the subnet is a Virtual Local Area Network (VLAN), please specify this. The watchdog will then adjust the scan operations accordingly so that you get correct results even with VLANs.

Update Watchdog

The Enginsight Watchdog is continuously updated by us. In order for all (new) functions to work as desired, it is necessary that you always keep the watchdog up to date.

1. Go to Discoveries → Watchdog and check if all version numbers are up to date. A warning will be given to you if an outdated version is installed.

2. If an Watchdog does not have the current version number, click the Update button in the right column at Actions.

The current version number can always be found here.

Get logs

To check the current logs of the Hacktor software component, you have two options.

User interface: Logs button

Click the 'Logs' button at Discoveries → Watchdogs.

On the Watchdog server: Get and save logs

If you have access to the Watchdog server, you can also read out the current logs directly. The best way is to save the logs into a .txt-file.

Use the commands below to do this. Adjust the file name before you do this.

Debian:

cat /var/log/syslog | grep -a watchdog-m23 > /tmp/<dateiname>.txt

CentOS:

cat /var/log/messages | grep -a watchdog-m23 > /tmp/<dateiname>.txt

Use Watchdog for agentless monitoring

In addition to asset discovery, you can also use the watchdog for our agentless monitoring (pin/port checks, SNMP). You can find all information on this under Observations.