Network discovery focuses on identifying alive (or responsive) IP addresses within your network.
It works by identifying responsive hosts and open ports across every IP address within your network(s) and cataloging any that respond.
A network can be represented in CIDR notation such as 0.0.0.0/24, or a range of IP addresses like 0.0.0.0-10. Currently, we only support IPv4 addresses.
If your organization has dedicated IP addresses, you can easily add that range into your Halo Security dashboard by going to Discovery --> Networks --> Add.
You can enter the network in one
You can configure the following settings:
Depending on your settings and the size of the network, the scan may take a long time in order to avoid overwhelming your servers. If we estimate the scan will take over 24 hours to complete, we'll warn you on the settings page.
Deleting a network will delete all historical data for that network. You can always add your network back, but historical data cannot be recovered.
During the discovery process, we detect and report on Alive IPs. An IP address is considered alive if it has any open ports. Because our scans are all external and non-authenticated, new alive IP addresses represent an additional asset coming online and being accessible from the internet. If this is intentional, the IP address can easily be added as a target within Halo Security for monitoring.
If this is unexpected, the asset may represent a nefarious actor within your environment or an oversight and should be addressed promptly.
On Discovery --> Network, you can see the number of Alive IPs that were detected during the last discovery and the percentage of the total IP addresses within the network that were alive. You can click the value to see a filtered list of alive IP addresses on that network and the corresponding targets within your account.
Ports that have been identified as being open during the scanning process will be listed along with the protocol and IP address.
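One way to reproduce the Alive IP figures from a list of open ports, as an added example (not Halo Security's code): it expands a network given in either notation, counts an IP as alive when it has at least one open port, and lists alive IPs that are not yet targets. The function names, the reading of 0.0.0.0-10 as a last-octet range, and the sample data are assumptions.

```python
import ipaddress

# Constructed sample data (documentation address ranges), not real scan output.
SAMPLE_OPEN_PORTS = [
    ("192.0.2.10", 443, "tcp"), ("192.0.2.10", 80, "tcp"),
    ("192.0.2.57", 22, "tcp"), ("198.51.100.5", 443, "tcp"),  # last one is out of scope
]
SAMPLE_TARGETS = ["192.0.2.10"]  # IPs already monitored as targets


def expand_network(spec):
    """Return the IPv4 addresses covered by a CIDR block or a short range.

    Assumption: "a.b.c.d-N" means last octet d through N, inclusive.
    """
    spec = spec.strip()
    if "-" in spec:
        start_text, end_text = spec.split("-", 1)
        start = ipaddress.IPv4Address(start_text)  # ValueError on IPv6 or junk
        first, last = int(start) & 0xFF, int(end_text)
        if not first <= last <= 255:
            raise ValueError(f"bad range end in {spec!r}")
        return [start + i for i in range(last - first + 1)]
    # IPv4Network rejects IPv6 and, with strict=True, a base with host bits set.
    return list(ipaddress.IPv4Network(spec, strict=True))


def summarize(spec, open_ports, targets):
    """open_ports: (ip, port, protocol) tuples; targets: monitored IPs."""
    in_scope = set(expand_network(spec))
    ports_by_ip = {}
    for ip, port, proto in open_ports:
        addr = ipaddress.IPv4Address(ip)
        if addr in in_scope:  # ignore results outside this network
            ports_by_ip.setdefault(addr, []).append((port, proto))
    alive = sorted(ports_by_ip)  # alive = at least one open port
    known = {ipaddress.IPv4Address(t) for t in targets}
    return {
        "total": len(in_scope),
        "alive": [str(a) for a in alive],
        "alive_pct": round(100 * len(alive) / len(in_scope), 2),
        "unmonitored": [str(a) for a in alive if a not in known],
        "ports": {str(a): sorted(ports_by_ip[a]) for a in alive},
    }


if __name__ == "__main__":
    print(summarize("192.0.2.0/24", SAMPLE_OPEN_PORTS, SAMPLE_TARGETS))
```

The "unmonitored" list is the one to review first: each entry is an internet-reachable address in your range that has open ports but no corresponding target.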