© 2024 Halo Security


Network Discovery

Network discovery focuses on identifying alive (or responsive) IP addresses within your network.

It works by identifying responsive hosts and open ports across every IP address within your network(s) and cataloging any that respond.

Networks

A network is a range of consecutive IP addresses. This can also be known as a netblock or subnet. When you add networks to your account, we'll monitor them for alive IPs and open ports.

A network can be represented in CIDR notation like 0.0.0.0/24, or as a range of IP addresses like 0.0.0.0-10. Currently, we only support IPv4 addresses.

Adding a network

If your organization has dedicated IP addresses, you can easily add that range to your Halo Security dashboard by going to Discovery -> Networks -> Add.

You can enter the network in one

You can also use network discovery to monitor open ports on a single IP address, although we recommend using the firewall monitoring service for that use case.

Configuring network discovery

Once you've added a network for discovery, you have several options for configuration. To edit the settings on a network, visit Discovery --> Network and click on the cog icon in the network row.

You can configure the following settings:

| Setting | Description |
| --- | --- |
| Name | How the network will be displayed within the Halo Security dashboard. Defaults to the network range entered. |
| Scan Frequency | How often the network discovery will occur. Defaults to weekly. |
| Scan Time | The hour in UTC you'd like the scan to occur. Defaults to Random. |
| Next Scan | When the next scan should be performed. Defaults to None. |
| Ping | Whether the scanner should test if hosts are alive by sending an ICMP echo request. Defaults to Yes. |
| UDP Scan | Whether UDP port scanning should be performed. Defaults to Yes. |
| Network Additional UDP Ports | Comma separated list of UDP ports. Defaults to None. |

Depending on your settings and the size of the network, the scan may take some time to avoid overwhelming your servers. If we estimate the scan will take over 24 hours to complete, we'll warn you on the settings page.

Deleting a network

To remove a network from network discovery, visit Discovery --> Network and click on the cog icon in the network row. Then click Delete Network and confirm you'd like to delete the network.

Deleting a network will delete all historical data for that network. You can always add your network back, but historical data can not be recovered.

Alive IPs

During the discovery process, we detect and report on Alive IPs. An IP address is considered alive if it has any open ports. Because our scans are all external and non-authenticated, new alive IP addresses represent an additional asset coming online and being accessible from the internet. If this is intentional, the IP address can easily be added as a target within Halo Security for monitoring.

If this is unexpected, the asset may represent a nefarious actor within your environment or an oversight and should be addressed promptly.

On Discovery --> Network, you can see the number of Alive IPs that were detected during the last discovery and the percentage of the total IP addresses within the network that were alive. You can click the value to see a filtered list of alive IP addresses on that network and the corresponding targets within your account.

Open Ports

Ports that have been identified as being open during the scanning process will be listed along with the protocol and IP address.

Pages

Overview: Networks and their risk score by domain and target, as well as number of open ports and alive IPs.

Summary: Ports that were identified during scanning and number of occurrences.

IPs: IP addresses that were discovered, their number of open ports, and reverse DNS lookup of hostname.

Ports: List of open ports per network target.
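The two network notations and the alive-IP rule described on this page can be checked locally before a range is entered or after results are reviewed. The following is an added example, not Halo Security code: the function names, the scan-result dictionary and the sample addresses are constructed, and reading the short range form as a last-octet range (so `-10` ends at `.10`) is an assumption.

```python
import ipaddress

def parse_network(spec):
    """Return (first, last) IPv4 addresses for '192.0.2.0/24' or '192.0.2.0-10'.
    Raises ValueError for IPv6 or malformed input (only IPv4 is supported)."""
    spec = spec.strip()
    if "/" in spec:
        net = ipaddress.IPv4Network(spec, strict=False)
        return net[0], net[-1]
    start_s, sep, end_s = spec.partition("-")
    first = ipaddress.IPv4Address(start_s)
    if not sep:
        return first, first  # a single IP address
    if "." in end_s:
        last = ipaddress.IPv4Address(end_s)  # full end address (assumed form)
    else:
        # Assumption: the short form replaces the last octet of the start.
        last = ipaddress.IPv4Address(start_s.rsplit(".", 1)[0] + "." + end_s)
    if last < first:
        raise ValueError(f"range end precedes start: {spec}")
    return first, last

def alive_report(spec, scan, previous_alive=()):
    """Summarise one discovery run. `scan` maps IP string -> list of open ports.
    An IP is alive if it has any open ports, as the page defines it."""
    first, last = parse_network(spec)
    total = int(last) - int(first) + 1
    alive = sorted(ipaddress.IPv4Address(ip) for ip, ports in scan.items() if ports)
    alive = [ip for ip in alive if first <= ip <= last]  # ignore out-of-range hosts
    known = {ipaddress.IPv4Address(ip) for ip in previous_alive}
    return {
        "total_ips": total,
        "alive": [str(ip) for ip in alive],
        "alive_pct": round(100 * len(alive) / total, 1),
        # Newly alive addresses are the ones to triage: intended or unexpected?
        "new_alive": [str(ip) for ip in alive if ip not in known],
    }

# Constructed sample data (documentation address ranges, not real scan output).
SAMPLE_SCAN = {
    "192.0.2.1": [443],
    "192.0.2.5": [22, 80],
    "192.0.2.7": [],       # responded to nothing: not alive
    "198.51.100.9": [25],  # outside the network being reported on
}

if __name__ == "__main__":
    print(alive_report("192.0.2.0-10", SAMPLE_SCAN, previous_alive=["192.0.2.1"]))
```
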
