Configure Scope: Targets, Identity & Work Area

Typically, multiple Asset Manager zones comprise your enterprise network. Asset Manager helps you manage each zone as a unit and also enables you to explore, discover, and index that space, defining which elements belong to a particular zone, which routes traverse it, and where one zone ends and opens into unknown space such as the Internet.

An itemized list of IPs and subnets/CIDRs comprising the managed elements of a zone, which you may want to think of as your zone's definition or identity, is listed in Internal.

The Zone Networks tab displays labeling and control information associated with each of your zones. The labeling information is, in essence, how you tell Asset Manager what network assets are yours. This information is used by the reporting, mapping, and data analysis capabilities of Asset Manager. The controlling information influences how and where Asset Manager collects information from your network infrastructure. The Zone Network settings apply to all of the collectors operating in a zone.

Click the Zone Networks tab to display a selected Zone's CIDRs.

To prepare for discovery, you'll need to select a zone, which describes the relationship of other elements and routes in the galaxy of network devices to itself in terms of the following:

  • Internal Zone Networks - Subnets in a zone that your organization owns and manages. Internal subnets are those belonging to the zone. Asset Manager uses the list of Internal subnets to specify which of several internal IPs should be used by the system as the reference IP.  You can purposely add IPs to the Internal list to force them to be used as the reference IP. The Internal Zone Networks list enables you to define and label devices via associated CIDR blocks as "Internal" for the purposes of reporting, mapping, and analysis. The Internal list affects reporting only and not discovery. By interrogating your Internal list, you can be apprised when an element in your zone goes inactive. Asset Manager-discovered subnets (those are the ones your organization didn't know about originally) your organization approves for further investigation by Asset Manager. As you come to understand these subnets better, you will take ownership of some of them by labeling them as Internal Zone Networks.
  • Eligible Zone Networks - The Eligible list is the set of networks you give Asset Manager permission to probe. If an Asset Manager collector discovers an IP or CIDR that is not included on the Target list, it then checks the Eligible list. If the element is on the Eligible list, it is interrogated; otherwise, it proceeds to the Avoid list. If it is not included on the Avoid list, the element is interrogated. If a network you didn't know about was discovered via SNMP, for example, you might choose to add that network to the Eligible list to ensure that it is included in subsequent explorations. When you enable TargetDiscoveredRoutes in Host Discovery, Asset Manager discovers all devices within the Eligible Zone Network list. When you enable TargetDiscoveredRoutes in Path Discovery, Asset Manager traces to all of the Eligible networks and can display the findings in a map. Discovery types SNMP, Port, Profile, and Leak can be configured to run on Eligible discovered subnets.
  • Known Zone Networks - IPs and CIDRs that you recognize and are aware of are recorded in your Known list. These are subnets with which you are superficially acquainted. You do not own them or manage them. You may or may not want more information about them. The Known list enables you to define and label devices via associated CIDR blocks as "known" for reporting and analysis purposes. Think of the Known list as "networks your company knows about and is aware of." When you change the designation (i.e., label) of a network element from unknown to known, it is a good practice to add that element to your Eligible list, so that all collectors from that point forward will interrogate it. The Known list has a limited role in Path Discovery, where you can specify how many hops into the "unknown" a path trace will go before stopping. Every IP added to the Known list expands the trace by however many hops you specified.

Configure Discovery Spaces

Discovery Spaces is a list of the CIDR blocks you want to monitor via Asset Manager. A collector will perform discovery operations using the scope represented by this Discovery Space list. CIDR blocks listed here must belong to your network and must define the space you intend to monitor. Be sure to validate the content of your Discovery Space list and reach out to your technical consultant if you need help with this.

When you click on a collector, and then the Discovery Spaces tab, the Collector's Discovery Spaces display. These are further delineated:

  • Target - Used for Host Discovery and Path Discovery. When Asset Manager discovers IPs or CIDRs included in the Target list, it interrogates them. 
  • Avoid - IPs and CIDR ranges on this list are not targeted during active discovery. Network space that should not be interrogated (e.g., perhaps because it is network space that belongs to a business partner or affiliate) is included on the Avoid list. Space that is considered sensitive, contains restricted data, or for whatever reason must not be interrogated, is recorded to the Avoid list.
  • Stop - Path Discovery aborts a trace when a hop responds with an IP included on this discovery space. The Stop list is only referenced when an Asset Manager collector is performing Path Discovery. The stop list is your network's perimeter. 

At the collector level, scope coordinates are located in the Discovery Spaces tab. Collectors go to their Targets, skip over their Avoids, and go one hop past their Stops. Think of IP/CIDR lists as "coordinates" within which discovery activities take place. You can expect the number of these IP and CIDR coordinates to increase quickly once discovery begins. 

To prepare for discovery, define your scope of interest.

    1. Select a zone, a collector, and then the Discovery Spaces tab.
      Only the IP/CIDR coordinates for your selected collector display.
    2. Verify that the default Target tab is active, and then select Add to input manually or Upload to import a text file of the information.
      The requirements for Target list entries are as follows:
      • Flat ASCII format, one CIDR block per line followed by a text label, separated by a space
      • A text label, with a maximum of 50 characters. Labels may contain letters, numbers and underscores.
      • Single IP addresses are permitted; list these as a /32 CIDR block (e.g. 10.4.65.7/32)
      • Overlapping CIDR blocks are permitted (e.g. including 10.10.0.0/16 and 10.10.24.0/24)

      Example:
      10.210.0.0/16 North America
      10.230.0.0/16 EMEA
      10.250.0.0/24 Australia

    3. Click the Avoid tab and then select Add to input manually or Upload to import a text file of the information.
      The requirements for Avoid list entries are as follows:
      • A text label, with a maximum of 50 characters. Labels may contain letters, numbers and underscores.
      • Single IP addresses are permitted; list these as a /32 CIDR block (e.g. 10.4.65.7/32)
      • CIDRs in this list may overlap fully or partially with the Target list.

      Example:
      10.10.0.0/24 Servers
      10.30.0.0/28 Partner Network
      10.50.0.0/30 Customer Network

    4. Click the Stop tab and then select Add to input manually or Upload to import a text file of the information.
      The requirements for Stop list entries are as follows:
      • A text label, with a maximum of 50 characters. Labels may contain letters, numbers and underscores.
      • Single IP addresses are required; list these as IP addresses, NOT in CIDR notation (e.g. 10.4.65.7)
      • IP addresses in this list may be contained within the Target list.

      Example:
      10.10.10.10 Gateway to Server
      10.30.40.50 Partner Gateway
      10.50.60.70 Customer Gateway

    5. Input the coordinates of the selected collector's target discovery space.
      For each of the three lists, enter IP or CIDR information manually by typing or pasting it in, or import text files containing the information.
    6. In the CIDR field, type or paste one or more addresses, delimited by line breaks. Or, if you are uploading, import the same information in the form of a TXT file.
      Sample entries:
      10.7.0.0/24
      10.7.50.0/24
      10.7.96.0/19
      10.7.100.0/24
      10.8.0.0/24
      10.100.10.0/24
      10.100.50.0/24
      10.200.0.0/24
      10.201.0.0/24
      65.198.68.0/24
      65.246.240.0/21
      172.18.1.0/24
    7. Click Create to save your entries to the active list.
      The results display in the Discovery Spaces grid. The active list type button (Target, Avoid, or Stop) indicates which type of list is displayed.
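
A pre-upload check for the Target, Avoid, and Stop files described in the steps above, added here as an example; it is not part of Asset Manager or its documentation. It enforces the stated entry rules and reports Target blocks that are public address space or that overlap an Avoid entry, so the operator can confirm ownership and intended carve-outs before a collector uses the lists. The function names and sample data are constructed for illustration, and spaces in labels are accepted only because the page's own examples contain them.

```python
import ipaddress
import re

# Labels: letters, numbers, underscores, max 50 chars; spaces tolerated (assumption).
LABEL_RE = re.compile(r"^[A-Za-z0-9_ ]{1,50}$")

def parse_list(text, kind):
    """Parse 'target'/'avoid' (CIDR + label) or 'stop' (bare IP + label) text.
    Returns (entries, errors); entries are (network, label) tuples."""
    entries, errors = [], []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split(None, 1)
        if not parts:
            continue
        addr, label = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        try:
            if kind == "stop" and "/" in addr:
                raise ValueError("Stop entries are bare IPs, not CIDR")
            if kind != "stop" and "/" not in addr:
                raise ValueError("write single IPs as a /32 block")
            net = ipaddress.ip_network(addr, strict=True)  # rejects host bits
            if label and not LABEL_RE.match(label):
                raise ValueError(f"bad label {label!r}")
        except ValueError as exc:
            errors.append(f"{kind} line {n}: {exc}")
            continue
        entries.append((net, label))
    return entries, errors

def review_scope(target, avoid):
    """Findings to resolve before upload: public Target space, Target/Avoid overlaps."""
    findings = []
    for t, _ in target:
        if not t.is_private:
            findings.append(f"target {t} is public space: confirm ownership")
        for a, alabel in avoid:
            if t.version == a.version and t.overlaps(a):
                findings.append(f"target {t} overlaps avoid {a} ({alabel})")
    return findings

# Constructed sample input, not taken from a real deployment.
TARGET = "10.10.0.0/16 Campus\n65.198.68.0/24 DMZ\n10.4.65.7 Printer\n10.7.96.5/19 Lab\n"
AVOID = "10.10.0.0/24 Servers\n10.30.0.0/28 Partner_Network\n"
STOP = "10.10.10.10 Gateway_to_Server\n10.30.40.50/32 Partner_Gateway\n"

if __name__ == "__main__":
    (t, te), (a, ae), (s, se) = (parse_list(x, k) for x, k in
        ((TARGET, "target"), (AVOID, "avoid"), (STOP, "stop")))
    print(*te, *ae, *se, *review_scope(t, a), sep="\n")
```

An overlap finding is not an error, since the Avoid list may overlap the Target list; it is a prompt to confirm that the excluded space is the partner or sensitive range you intended.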