Hello everyone,
We have encountered a challenging requirement during our discovery scans for a range of IP addresses. In the scan results, some assets appear with their asset names as IP addresses instead of hostnames.
We need to filter out these assets and prevent them from being added to Password Safe. Does anyone know how we can filter out assets without hostnames that are still being added to Password Safe?
Thank you,
Prasad
Best answer by frank.colvin
if the discovery scan returns an IP address as the asset name, check to see if there is a reverse lookup in DNS for that IP address. open a command prompt and type NSLOOKUP {ipAddress}. in asset search by IP address and use that address. You should see two asset entries if there is no reverse lookup configured. The discovery scan resolves the name to an IP address and part of the process will lookup by the IP address and if no record is found it will add this to the assets. if the onboarding rule is configured to use a directory query or an asset group then the assets without a name should not be onboarded. but they will reside in the assets.
Hey
There’s a few general notes I can recommend, but the implementation does depend on the architecture set up. (Mandatory disclosure note: If full support of modifying your specific environment is desired, that would be the realm of professional services.)
I would recommend investigating the IPs rather than hostnames (e.g. windows scan expected but it’s a linux device, etc.) to refine the discovery scan to be more effective to only bring online systems that are anticipated.
You can tag the assets that match the regex for an IPv4 address with an attribute (or show as smart group) and exclude that attribute (or smart group if you choose to show as smart group) from onboarding as a managed system.
The target smart group members:
Hello
You can use a regular expression.
This one worked for me.
^(?!^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$).*
Regards,
John
+1if the discovery scan returns an IP address as the asset name, check to see if there is a reverse lookup in DNS for that IP address. open a command prompt and type NSLOOKUP {ipAddress}. in asset search by IP address and use that address. You should see two asset entries if there is no reverse lookup configured. The discovery scan resolves the name to an IP address and part of the process will lookup by the IP address and if no record is found it will add this to the assets. if the onboarding rule is configured to use a directory query or an asset group then the assets without a name should not be onboarded. but they will reside in the assets.
Hey Everyone,
Thank you for the responses and providing solution. I am sort of new to BT environment and I am still trying to figure out which smart rule is being used for conversion of assets to managed system in password safe.
Can someone suggest me, how can I find the exact rule used for this? Do we have any specific criteria that being used in rules which I can look for and find that one specific rule?
I know it would environment specific but just trying to understand if any common thing that I can use to find out.
Thanks,
Prasad
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
