A device is “Active” if it’s responded to traffic we’ve sent to it or if we’ve heard about the device Indirectly (via SNMP for example).

Scanning where a Collector’s Scannerplaces traffic on the network destined for a targeted address and listens for the responses from that address (or hops along the way in the case of Path)

Scanning and Reporting Alerts in Map's Node Details

For credentials (like SNMP or WMI) an alias is just the name we associate with that credential for reporting purposes.  It allows us to say “secret1” in a report instead of putting the actual and presumably sensitive credentials into a report.

A collection of associated Scanners within a Zone that share a single Scanning Interface.

The virtual machine that processes scan data from Collectors and reports on that data

A Scout’s network interface can be given a Commanded Packet Rate.  This is the rate of scanning traffic  (in packets per second) that Asset Manager will not exceed (at least over intervals of greater than 1 second).  Depending on the targeted address space, we may not scan as quickly as the Commanded Packet Rate, but Asset Manager will not exceed this rate.  This rate is per Scanning Interface, this interface may be shared by more than one Collector

As far as Asset Manager (the product) is concerned, a Device is one or more IP addresses that we’ve decided belong together.  Typically we think they belong together due to our getting SNMP data that says they’re all interface addresses for the same thing.  It’s an attempt to represent a physical thing that’s attached to the network, but it’s not always a complete match (we don’t have all the information that someone sitting in front of a physical device might have).

The results of a Collector’s scan of a set of targets.  This is batched up into a number of Devices and sent to the Command Center for processing

A collection of CIDRs that dictate if further interrogation for a specified address should be performed. This is primarily used when a response is received from an address that is outside the target list and influences the decision to further interrogate this address.  In other words, if we target 2.2.2.2 and hear about 1.1.1.1, we’ll target 1.1.1.1 for scanning if it’s covered by the eligible list (e.g. if we had 1.0.0.0/8 in the eligible list)

Event is an action or occurrence detected by a program. It can be “published” so that other parts of the Asset Manager system can act on it. At this point, it will appear as a notification.

A Target explicitly defined in a Collector’s configuration (under Discovery Spaces > Target List)

Something we know about a Device by receiving data directly from that Device.  This would typically be via Active or Passive Discovery (eliding for the moment the idea that “Fact”s can be tricky things as we’re talking through the network to a Device so Facts can be altered in transit).  This would also include cases where we explicitly ask another system (like DNS) about a Device

A Device is a “Forwarder” if it’s seen in a trace (generated by the Path scanner) as anything but the last hop.  In other words, a device that generates an ICMP Time Exceeded message.  This is a Fact rather than an Inference

Discovery where the system gets information about an address from something other than that address (e.g., BGP, DNS, or OSPF). For example, Asset Manager hears about device 2.2.2.2 while interrogating 1.1.1.1 via SNMP and learning about 2.2.2.2 from 1.1.1.1’s ARP table.

Something we can say about a Device that’s derived from Facts about a Device or by Indirect Discovery (or by things like MAC Vendor data etc.).  Profiling data (for example) is a collection of Inferences

A CIDR learned about via SNMP (either a host or a CIDR representing a route), OSPF, or BGP.

A message presented to the user as the result of an event.

Listening to traffic without putting any packets on the network. (e.g., Broadcast). This could also be a Scanner listening to traffic on a trunk or SPAN port.

A Target that’s explicitly specified in a Collector configuration or learned about via an SNMP routing table, BGP, or OSPF.  This is effectively a Host or Path target (these are the scan types that scan across entire CIDRs).  Responses to a Primary Target can create Secondary Targets.  That is to say, a response to Host can create targets for scan types like Port, or SNMP.

An address that’s explicitly targeted, or learned and covered by the Eligible List. An address in the Avoid List cannot be Qualified.

For a Device with more than one IP address, we pick one address to refer to it by.  We pick the reference IP by the following criteria (subject to change):

1) Prefer IPv4 over IPv6

2) Prefer internal addresses

3) Prefer known addresses

4) Highest IP address

How often a Collector will target a specific Target.  Collectors fetch Targets as soon as they become available, even if there are a bunch of things already in the queue to be scanned.  The Rescan Interval is a guarantee that we won’t target something more often than once per Rescan Interval, but on a heavily loaded Collector it might take us longer than a Rescan Interval between us sending traffic to a given Target

A specific bit of code (like SnmpHunter) that runs as part of a Collector on a Scout somewhere

A network interface associated with a Scout.  This interface can be used by one or more Collectors.  This interface can be given a Commanded Packet Rate.

A collection of Scanners and Scanning Interfaces running on a particular (virtual) machine.  These scanners could be associated with any number of Zones or Command Centers.  It could be a VM built and licensed as a Scout or an “Onboard Scout,” which is the Scout code running on a Command Center.  

A specific network interface on a Scout.  This interface can be configured to throttle some discovery traffic (at least Host, Port, Path, and SNMP)

A Target (/32 or /128) generated for a non-Host/Path scan(discovery)  type as a result of Asset Manager learning about an address.  These Targets can be generated by being discovered via Host or Path, being Indirectly or Passively discovered, or by having a device added via API.  These are the Targets the system generates itself (governed by discovered addresses, Eligible List, and Avoid List).

A device that we were able to talk to and get responses with a set of SNMP credentials.  If we just get an error message (an SNMPv3 credential error or a OID not found for v2) we will not be snmpAccessible though we will be an snmpResponder

This is a Tertiary Target type.  If configured to do so, we will gather data from various SNMP OIDs and determine things like Interface or Route information

This is a Secondary Target type.  When we do SNMP Discovery we try all the SNMP Credentials configured for a collector and report on which ones were accessible.  In SNMP Discovery we will gather things like sysObjectId, sysDescr, and potentially serial number information.

A device that we got an SNMP response from even if we can’t fetch data from it with our SNMP credentials.  This could happen if we attempt to communicate with a device using SNMPv3, it can respond with an authentication error of some sort, this is different from SNMPv1/2c where the device usually doesn’t send anything back in the case of an authentication failure (though ACLs can cause SNMPv2 errors).

On a Asset Manager command center, the data we ingest from scanning is contained under /var/spool/esi.  The files that a queued up for ingestion are at /var/spool/esi/preprocessing.  These files are commonly referred to as “Spool Files” and if we’re trying to debug why the system is behaving the way it does we’ll commonly start by looking at them.

A combination of a CIDR, Scan Type, and Collector ID.  This can be a Primary, Secondary, or Tertiary Target.

Once a device has been scanned using a primary scan type, it is determined to be alive. After a secondary scan type, the target has been determined to have the potential of responding to a particular protocol. The tertiary scan type asks for heavier weight responses, such as SNMP Details, HTTP banners, CIFS, or WMI.

The time a Scout discovers a Device (or information about a Device)

The time a discovered Device is actually available in the database for reporting (the time it’s actually visible to a client).