1. Discovery Monitoring: Keeping Access In Grade A Condition

2. Monitoring Discovery Outline
3 Main Aspects:
  • Per Run: How did the run I scheduled go? (Current/Recent Runs)
  • Per Credential/Slave: How well are my credentials working for me? (Credential/Slave usage feedback)
  • Current State: What are my current access levels like? (Discovery Dashboard)

3. Monitoring Per Run

4. Per Discovery Run
  • Monitor from the Recent Runs list
  • Discovery > Discovery Status > Recent Runs
  • Click on the run of interest to see details

5. Discovery Run Summary
  • Click through to see a list view of endpoints for that Discovery State
  • Example Shown: No Access

6. Discovery Run Detailed Reports
  • Endpoint Access Analysis: Useful general starting point
  • Endpoint Timings: Look for performance hotspots
  • Possible Host Devices: Look for Hosts that you don’t yet have access to
  • Possible Process to Port Issues: Look for hosts that need lsof/sudo to get connection mapping

7. Monitoring Per Credential or Per Slave

8. Per Credential/Slave
  • Success rate feedback is calculated for all core discovery credentials
  • Start at the Discovery Tab and then the Credentials second level navigation

9. Login Credentials Success Rate

10. Slave Management Success Rate

11. SNMP Credentials Success Rate

12. Understanding Success Rate (1)
100% Success: shown in Green
  • Credential has been selected for Discovery
  • All recent attempts have successfully established a session

13. Understanding Success Rate (2)
Partial Success: shown in Yellow
  • Credential has been selected for Discovery
  • There were issues with some sessions
  • Summarised by type of issue

14. Understanding Success Rate (3)
Never Used: shown in Blue
  • Credential has never been selected for Discovery

15. Understanding Success Rate (4)
100% Failure: shown in Red
  • Credential has been used
  • All attempts have failed
  • Summarised by type of issue
  • If the credential has worked in the recent past this will also be indicated
  • This may mean that there has been a recent access change that should be investigated

16. What Is Counted As a Failure?
  • Any failure to establish a Unix or Windows session
  • Where a session is established but HostInfo or InterfaceList methods do not complete. This will prevent a Host node being updated. DeviceInfo will already exist as we have a session
  • Where a session is established with a credential marked as “Become Super User” but fails to SU. This will be reported as a success and a failure

17. Investigating Credential Success Issues

18. Investigating Credential Success Issues

19. Monitoring by Current State

20. Current State Reporting (1)
  • There is a specific Discovery Dashboard

21. Current State Reporting (2)
  • Reports are also available under the Discovery tab
  • Discovery Reports

22. Current UNIX and Windows Access
  • Check to see that the access methods and Windows slaves you expect are in use
  • Check in Probe sector for access regressions or Hosts without credentials rolled out

23. Discovery Radar
  • Classifies the last access to IPs that Discovery thinks are hosts

24. Discovery Radar - Details (1)
  • Update [Normal]: Host updated via cached credential
  • Update [Credential Search]: Host updated but several credentials tried

25. Discovery Radar - Details (2)
  • Access Regression [Credential Failure]: Host failed to update as no credential established a session
  • Access Regression [Other Failure]: Host failed to update as there were other failures

26. Discovery Radar - Details (3)
  • Unknown Host [Credential Failure]: No Host was created as no credential established a session
  • Unknown Host [No Credential Available]: Host failed to update as there were other session failures

27. Further Resources
  • Online Documentation: http://www.tideway.com/confluence/display/81/Documentation
  • Tideway Foundation Version 7.2 Documentation Title

Addmi 16-discovery monitoring

Editor's Notes

  • #6: The No Access is just an example – obviously you can start looking at the no response or skipped ones as well.
  • #7: These are 4 good starting points for exploring the results of the Discovery Run.
  • #9: Core Discovery Credentials means: Login Credentials Tab – Unix and Windows via Credential Slave; Slave Management Tab – AD and Workgroup Slave (Credential slave feedback will re-direct to Login Credentials Tab); SNMP Credentials Tab – Netware and other SNMP targets. The Success Rate is calculated over the last access for each endpoint, so will change as discovery is run. Where it is stated that a credential has never been used, “never” is valid for the depth of DDD retained on the appliance.
  • #10: In the next slides we will analyse the detailed states, but here you can see: GREEN – 100% success; YELLOW – less than 100% success; BLUE – Never Used; RED – Used but never successful.
  • #11: Same on the slave page
  • #12: Same on the SNMP page
  • #15: If this credential is expected to be used then it is possible that: the endpoints have not been scanned for some time; or another credential matches this endpoint and is higher up the list. Unused credentials should ideally be removed to prevent clutter.
  • #16: This is different from the BLUE Never Used state as this credential has been selected for Discovery but has failed to establish a session on 100% of recent attempts. The root cause of a red failure state is most likely to be a credential entered wrong, or a centrally administered credential that has been locked or changed. The root cause of a blue never used state is most likely to be the ordering of the credentials in the vault such that another credential further up the list is being used.
  • #17: The reason we regard the SU case as both is this. It is a success as we established a session and it worked. However it is a failure as you told the system you expected to be able to switch user to the root account on this system and that failed. This allows you to track down the systems this fails on.
  • #19: See later for detailed notes on analysing from the DA page onwards
  • #24: So screens out Dark Space and non Host devices like switches, printers, storage etc
  • #25: Update [Normal] – The cached credential from the last scan was able to establish a session and we update the Host node. This is the expected Business As Usual case. Update [Credential Search] – This means we were able to establish a session and update the Host node but had to search a number of credentials to find one that worked. If you are rolling out Atrium Discovery (or extending your scanning to new areas) then this is expected behaviour as we need to find which credentials work. During normal Business As Usual operation this may indicate that credentials are being changed in the environment where you didn’t expect them and may warrant investigation.
  • #26: Access Regression [Credential Failure] – There is an existing Host node related to this endpoint but we failed to update it on the last access to the endpoint as none of our credentials could establish a session. Access Regression [Other Failure] – There is an existing Host node related to this endpoint but we failed to update it on the last access to the endpoint. The session was established successfully but other failures prevented full discovery; usually this means that HostInfo or InterfaceList methods have failed, and frequently that can be because of timeouts. Due to congestion in the network, busy hosts or other transient conditions, a script will sometimes time out as data is not received in a timely fashion, and Foundation moves on. If you find that a particular credential suffers from timeouts regularly then click through to that credential and increase its timeout value – note that this will increase the time that this credential waits for a response, so do this with care.
  • #27: Unknown Host [Credential Failure] – The endpoint looks like a Host to Discovery but has never been related to a Host node in Foundation; a number of credentials were tried but no session could be established. These may be hosts that need credentials rolling out to them, or new credentials need to be added to Foundation. Unknown Host [No Credential Available] – The endpoint looks like a Host to Discovery but has never been related to a Host node in Foundation; no current credentials (Login, Windows Slave or SNMP) are valid for this endpoint. These are hosts that need new credentials to be added to Foundation.
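
The colour rules from the "Understanding Success Rate" and "What Is Counted As a Failure?" slides, written out as an added Python example; this is not code from the product or the original deck. The `Attempt` record, the credential names and the sample data are constructed, and it assumes the rate is taken over each credential's most recent attempt per endpoint.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass
class Attempt:
    """One credential attempt against one endpoint (constructed model)."""
    run: int                      # discovery run number, higher is newer
    endpoint: str
    credential: str
    session: bool                 # a Unix or Windows session was established
    host_methods_ok: bool = True  # HostInfo and InterfaceList completed
    su_expected: bool = False     # credential marked "Become Super User"
    su_ok: bool = True


def outcomes(a):
    """Map one attempt to the outcomes it counts as under the slide rules."""
    if not a.session:
        return ["fail: no session"]
    if not a.host_methods_ok:
        return ["fail: HostInfo/InterfaceList incomplete"]
    if a.su_expected and not a.su_ok:
        return ["success", "fail: could not SU"]  # counted as both
    return ["success"]


def credential_state(credential, attempts):
    """Return (colour, failure summary by type, worked_recently)."""
    mine = [a for a in attempts if a.credential == credential]
    if not mine:
        return "BLUE", Counter(), False  # never selected for Discovery
    # Assumption: only this credential's latest attempt per endpoint counts.
    last_run = {}
    for a in mine:
        last_run[a.endpoint] = max(last_run.get(a.endpoint, a.run), a.run)
    current = [a for a in mine if a.run == last_run[a.endpoint]]
    older = [a for a in mine if a.run < last_run[a.endpoint]]
    seen = Counter(o for a in current for o in outcomes(a))
    successes = seen.pop("success", 0)
    # A RED credential that worked before points at a recent access change.
    worked_recently = any("success" in outcomes(a) for a in older)
    colour = "GREEN" if not seen else ("YELLOW" if successes else "RED")
    return colour, seen, worked_recently


# Constructed sample data: endpoints and credential names are hypothetical.
SAMPLE = [
    Attempt(1, "10.0.0.5", "unix-root", session=True),
    Attempt(2, "10.0.0.5", "unix-root", session=False),
    Attempt(2, "10.0.0.6", "unix-su", session=True, su_expected=True, su_ok=False),
    Attempt(2, "10.0.0.7", "unix-su", session=True, su_expected=True),
    Attempt(2, "10.0.0.8", "win-slave", session=True),
]
```

A RED result with `worked_recently` set is the case the notes single out for investigation: a credential entered wrong, or a centrally administered one that has been locked or changed.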