Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Device Discovery Process

SUMMARY In JSA Risk Manager, use the Device Discovery screen in the Configuration Monitor to add, edit, and run a defined discovery.

Configuration Source Management will no longer work after the end of 2020, when browsers discontinue support for Adobe Flash. You can configure credentials, protocols, and schedules in the Configuration monitor on JSA 7.4.1, patch 1 and later. For more information about this change, see Juniper Secure Analytics Risk Manager: Adobe Flash End of Life and Changes to Configuration Source Management (CSM).

The discovery process uses the Simple Networks Management Protocol (SNMP) and command line (CLI) to discover network devices.

After you configure an IP address or CIDR range, the discovery engine performs a TCP scan against the IP address to determine if ports 22, 23, or 443 are monitoring for connections. If the TCP scan is successful, and SNMP query is configured to determine the type of device, the SNMP Get Community String is used based on the IP address.

This information is used to determine which adapter the device should be mapped to when added. JSA Risk Manager connects to the device and collects a list of interfaces and neighbor information, such as CDP, NDP, or ARP tables. The device is then added to the inventory.

The configured IP address used to initiate the discovery process might not be the assigned IP address for the new device. JSA Risk Manager adds a device by using the IP address for the lowest numbered interface on the device (or lowest loopback address, if any).

If you select the Crawl the network from the addresses defined above checkbox, the IP address of the neighbors that are collected from the device are reintroduced into the discovery process. The process repeats for each IP address.