FireScope's asset discovery capability can be used in a variety of ways, giving you complete control over what degree of automation FireScope should use. The general process for configuring discovery is as follows:

1. Create one or more Discovery Rules
2. Create Device's based on discovery results in one of two ways:
   1. Manual creation from the discovery results page or
   2. Automatically based on any Discovery Actions you have created

Creating Your Discovery Rules

Discovery rules are essentially configured scans of your network, whereby FireScope will interrogate each device it detects to identify what type of device it is, what operating system is running on it, and check for speDevicefic active ports. Each scan can be scheduled to run periodically to identify new assets. The following is an example configuration for a discovery rule to identify servers running in a datacenter that are running a web server, SMTP or POP3 server, MySQL, Microsoft SQL Server, Oracle Database server, any servers issuing DHCP as well as any applications running on ports 200 and 420 (these last ports were arbitrarily determined to test a theoretical proprietary application that listens on these ports).

Sample Rule Configuration:

Name : My Sample Scan
IP Range : 192.168.0.1 - 255
Frequency : 60 (This sets the scan to run every 60 minutes to check for new assets)
Scan : TCP/SYN
Timing : Normal (less impactful on the network without making discovery too slow)
Timeout : 30 minutes

Checks
HTTP (checks port 80 for a web server)
SMTP (checks port 25 for an SMTP service)
POP (checks port 110 for a POP3 service)
TCP 3306 (for our MySQL check)
TCP 1521 (to identify Oracle)
TCP 1433,1434 (for MS SQL)
TCP 547 (for DHCP)
TCP 200,420 (for our theoretical app)

Manual Device Creation based on Discovery

Checking the Discovery Status page, found in the Administration menu in FireScope, will display a list of all of your discovery rules, when they started and finished their last run, as well as their current status. From here, you can view the discovery results and pick and choose which assets you wish to be managed from FireScope. To begin, simply click the Results link for a specific scan to see a list of the results.

The discovery results page starts with a breakdown of each unique IP address discovered and its Fully-Qualified Domain Name. A quick check of current configuration will see if the asset is already configured within FireScope. If the asset has been found, a link to edit the existing Device will display, otherwise an Add button on the left side of the results will drive you to an edit page to configure this Device. However, FireScope's discovery feature goes beyond simply scanning IP addresses.

Each of the ports configured in your discovery rule will be probed for a listening service and, if possible, identified by vendor, program name and version. The screenshot above shows an example result of discovery, showing the depth of information brought back. For advanced service monitoring capabilities, you have the option of creating a Device for individual services by clicking on the Add button for a specific service identified on a Device.

All subsequent discovery runs for this and other rules will automatically know which Device's have already been created in the system. Therefore, all you as an administrator have to do is periodically check this results page to see if new assets have been discovered and configure them as you please.

Automatic Device Creation/Notification based on Discovery

Some people like complete control, others like a little automation to make their day easier. That's why FireScope also has the capability to automatically process discovery results for you, through rules you define. To create a rule, go to the Discovery Actions section in the Configuration menu. An example rule is displayed below that highlights the range of capabilities for Discovery Actions.

Discovery Actions contain two key sections: Conditions and Operations. Conditions define which discovery results should trigger this action, such as the name of the discovered operating system, its IP address, and identified open ports or services. You can be as granular as to define actions for specific versions of applications found. The Operations section defines what to do when a discovered asset meets the criteria you specified in the Conditions, with options ranging from automatically creating the Device, assigning it to a Logical Group or Service Group, and even linking it to pre-defined templates that establish a default set of attributes, Thresholds and performance graphs to begin monitoring this asset. Assigning templates is highly recommended as it means you can be instantly tracking performance and identifying events for this asset without any manual work required.

In a typical scenario, you might create a rule that takes any Windows server identified in the IP range of your Dallas office (for example), creates a Device that is assigned to the Dallas Location logical group and applies your Windows templates to the new.

Finished

And that's it. From here you can generate additional rules to scan different subnets or identify different types of assets, or create additional actions to further automate instant monitoring of new assets as they come online. At every step, you have complete control to define your preferred level of automation, granularity of discovery and assignment of new assets.