Views:

Identify devices on your network by enabling Active Network Scanner on a Virtual Network Sensor or Deep Discovery Inspector instance.

Active Network Scanner uses network sensors to proactively identify devices connected to your network. When you enable Active Network Scanner on a Virtual Network Sensor (VNS) or Deep Discovery Inspector (DDI) instance, the sensor periodically sends discovery traffic across the network segments it monitors and uses the responses to identify each device, including device type and other related information.
Discovered devices appear in TrendAI Vision One™ Network Security's Network Inventory and Attack Surface Discovery, giving you broader visibility into the assets on your network, including devices that are not running an agent.
Each sensor instance is configured independently. Enabling Active Network Scanner on one sensor does not affect other sensors deployed in your environment. Enabling the feature does not consume credits, but viewing the discovered assets in Cyber Risk Exposure Management (CREM) is subject to standard CREM pricing.

Enable Active Network Scanner

Before you begin, confirm the following:
  • A supported network sensor, such as a Virtual Network Sensor (VNS) or Deep Discovery Inspector (DDI), is deployed and connected to Network Security.
  • The sensor instance is performing as expected and reporting telemetry.
  • You have a role in Network Security that allows you to configure network sensors.
When confirmed, perform the following:
  1. In Network Security, go to Network Analysis ConfigurationActive Network Scanner.
  2. Select the Virtual Network Sensor or Deep Discovery Inspector instance on which you want to enable Active Network Scanner.
  3. Enable Active Network Scanner for the selected sensor.
  4. Click Save.
The sensor begins sending discovery traffic on the network segments it monitors. Initial scan results may take time to appear, depending on the size of the monitored network and the responsiveness of the connected devices. Discovered devices appear in Network Inventory and Attack Surface Discovery.

Disable Active Network Scanner

To stop Active Network Scanner on a sensor, return to Network Analysis ConfigurationActive Network Scanner and disable Active Network Scanner for that sensor. Previously discovered devices remain visible in Network Inventory and Attack Surface Discovery until they age out or are removed manually.