Last updated
Was this helpful?
Last updated
Was this helpful?
Network discovery focuses on identifying alive (or responsive) IP addresses within your network.
It works by identifying responsive hosts and open ports across every IP address within your network(s) and cataloging any that respond.
A network is a range of consecutive IP addresses. This can also be known as a netblock, or subnet. When you add networks to your account, we'll monitor them for and .
A network can be represented in CIDR notation like 0.0.0.0/24
, or as a range of IP addresses like 0.0.0.0-10
. Currently, we only support IPv4 addresses.
If your organization has dedicated IP addresses, you can easily add that range to your Halo Security dashboard by going to Discovery -> Networks -> Add.
You can enter the network in one
You can also use network discovery to monitor open ports on a single IP address, although we recommend using the service for that use case.
Once you've added a network for discovery you have several options for configuration. To edit the settings on a network, visit Discovery --> and click on the cog icon in the network row.
You can configure the following settings:
Depending on your settings and the size of the network, the scan may take some time to avoid overwhelming your servers. If we estimate the scan will take over 24 hours to complete, we'll warn you on the settings page.
Deleting a network will delete all historical data for that network. You can always add your network back, but historical data can not be recovered.
If this is unexpected, the asset may represent a nefarious actor within your environment or an oversight and should be addressed promptly.
Ports that have been identified as being open during the scanning process will be listed along with the protocol and IP address.
To remove a network from network discovery, visit Discovery --> and click on the cog icon in the network row. Then click Delete Network and confirm you'd like to delete the network.
During the discovery process, we detect and report on Alive IPs. An IP address is considered alive if it has any open ports. Because our scans are all external and non-authenticated, new alive IP addresses represent an additional asset coming online and being accessible from the internet. If this is intentional, the IP address can easily be added as a within Halo Security for monitoring.
On Discovery --> , you can see the number of Alive IPs that were detected during the last discovery and the percentage of the total IP addresses within the network that were alive. You can click the value to see a filtered list of alive IP addresses on that network and the corresponding targets within your account.
: Networks and their risk score by domain and target, as well as number of open ports and alive IPs.
: Ports that were identified during scanning and number of occurrences.
: IP addresses that were discovered, their number of open ports, and reverse DNS lookup of hostname.
: List of open ports per network target.
Name
How the network will be displayed within the Halo Security dashboard.
Defaults to the network range entered.
Scan Frequency
How often the network discovery will occur. Defaults to weekly.
Scan Time
The hour in UTC you'd like scan to occur. Defaults to Random.
Next Scan
When the next scan should be performed.
Defaults to None.
Ping
Whether the scanner should test of hosts are alive by sending an ICMP echo request.
Defaults to Yes.
UDP Scan
Whether UDP port scanning should be performed.
Defaults to Yes.
Network Additional UDP Ports
Comma separated list of UDP ports.
Defaults to None.