...

  • port scanner runs against IPs to see what's open
  • determines device type
  • depending on type, runs applicable probes:
    • Windows: WMI & PowerShell
    • Unix: SSH
    • Printers: SNMP
    • Network Devices: SNMP
    • Web: HTTP headers
    • UPS: SNMP
  • search the CMDB using weighted identifiers (serial, MAC, IP, etc.), then do either of the following:
    • update/add matching CI
    • no-op
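
The last step of the list above (weighted identifier search, then update/add or no-op), written out as an added example; it is not ServiceNow's code or code from this page. The weights, the threshold and the field names are assumptions, chosen so that a reused IP address alone can never overwrite another device's CI.

```python
# Added example: weights, threshold and field names are assumptions,
# not values taken from ServiceNow or from this page.
WEIGHTS = {"serial": 100, "mac": 60, "ip": 20}
MATCH_THRESHOLD = 60  # an IP match alone (20) never claims an existing CI


def normalize(field, value):
    """Canonicalize a value so formatting differences do not defeat matching."""
    if not value:
        return None
    value = value.strip().lower()
    if field == "mac":
        value = value.replace("-", "").replace(":", "").replace(".", "")
    return value or None


def score(ci, found):
    """Sum the weights of identifiers present on both sides and equal."""
    total = 0
    for field, weight in WEIGHTS.items():
        a, b = normalize(field, ci.get(field)), normalize(field, found.get(field))
        if a is not None and a == b:
            total += weight
    return total


def reconcile(cmdb, found):
    """Return (action, ci) where action is 'add', 'update' or 'no-op'."""
    best = max(cmdb, key=lambda ci: score(ci, found), default=None)
    if best is None or score(best, found) < MATCH_THRESHOLD:
        ci = dict(found)  # weak or no match: record a new CI, touch nothing else
        cmdb.append(ci)
        return "add", ci
    changed = {k: v for k, v in found.items()
               if v and normalize(k, best.get(k)) != normalize(k, v)}
    if not changed:
        return "no-op", best
    best.update(changed)
    return "update", best


# Constructed sample CMDB (not real inventory data)
CMDB = [
    {"name": "print-01", "serial": "SN-1001", "mac": "00:11:22:AA:BB:CC", "ip": "10.0.0.5"},
    {"name": "web-01", "serial": "SN-2002", "mac": "00:11:22:DD:EE:FF", "ip": "10.0.0.9"},
]
```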

Questions/Answers

What does it find with no credentials or bogus credentials? Yes, it's agent-less, but is it still basically an opt-in technology?
You don't without customizations, and furthermore, this data is of no value on its own. This can be collected and inserted trivially with existing technology. Furthermore, this data cannot be used on its own to draw any conclusions. It therefore adds no value, and the recommendation from the technical team is that the hours be spent elsewhere.

How do we recommend Yale leverages this tool? Do we use it once and update every so often? Do we enable people to use this as an asset management import tool?
Insofar as this tool is designed to aid in automation of CMDB updates, it should be used wherever it does not undermine other stated assertions and principles. It should be used continuously to cover gaps in the Change Management process. Federation with other CMDBs is on the table. The final recommendations will be presented in another document.

  • How many MID servers and where, based on: security, firewall
    MIDs pull instructions and push data over HTTPS when talking to the cloud. A MID's probe behavior on the network depends on the probe type.

Assertions

  • Must obey principle of least privilege for SN instance and MID Server
  • We should net something; i.e., either quality of CMDB or speed of discovery should be better than without the tool

...