Managed Devices

You can discover keys by creating and running scans on your configured devices. Discovery scans these devices for SSH keys configured on your server. You can then map the discovered keys to the selected key compliance groups and manage or monitor them.

To discover keys using the Managed Devices option:

  1. Go to (Menu) icon > SSH+ > Discovery > Managed Devices.
    The Managed Devices > Discover page is displayed.
  2. Enter the following details:
    Table 1. Field description for Discover Managed Devices section
    Field: Description
    Discover By
    *Select: Select one of the options:
    • Instant: To discover the keys immediately. By default, the Instant option is selected.
    • Scheduled: To schedule the discovery of keys on a specific date and time.
    Scheduler (This section appears only if you have selected the Discovery option as Scheduled)
    *Schedule Name: Enter a unique name. This helps you identify it easily.
    Description: Enter details pertaining to the purpose of the scheduled discovery.
    *Starts On: Set the time to start the run. You can customize the date, month, year, and time by clicking the Calendar icon.
    *Repeat Every: Scheduled discovery can be set to repeat every 5 minutes, or the interval can be customized per your requirement.
    *End Date: Select one of the options to end the scheduled discovery:
    • Never: To keep the scheduled discovery going.
    • On: To select the end date when the scheduled discovery has to stop.
    • After: To stop the scheduled discovery after a certain number of occurrences.
    Discover SSH Keys
    *Discovery Name: This field appears only on selecting the Instant discovery option. Enter a unique name. This helps you identify it easily.
    Description: This field appears only on selecting the Instant discovery option. Enter details stating the purpose of the discovery.

    A list of added and managed devices is displayed. Only devices with status as Managed and those that have RW permission are displayed in the list.

    From the list of managed devices, select the Managed Device(s). The selected devices are the source of discovery.

    To select all the managed devices, select Select all. All the managed devices are then the source of discovery.

    To understand the functionality of Regex, see Using Regex Feature.

    *Ip(S) Per Batch: Select a value from the dropdown list. Based on this value, the subnet provided is split into multiple batches for the discovery process.
    *Discover: Select one or both of the options:
    • User Keys: To discover user keys.
    • Host Keys: To discover host keys.
    Key Compliance Group: Select the required Key Compliance Group to which you want to map the discovered keys. The discovered keys are associated with the selected Key Compliance Group.
    Note: The key group selection simplifies the grouping of the discovered keys and checks the discovered keys for key compliance. The keys are checked for compliance based on the policy of the key group they are associated with.
    *Scan Type: Select one of the options:
    • Default: The system scans the default ssh folders.
    • Full: The system scans the entire location. You can enter the file names/paths that you want to exclude from the discovery for non-standard locations.
    • Directory: The system performs the default scan along with a directory scan in the specified directory. Enter the file names/paths that you want to exclude/include for non-standard locations.
    Note: Changing the scan type clears the File Path table.
    File Path: This field is enabled only if you select Full or Directory as your Scan Type.

    Enter the file names/paths that you want to exclude from the discovery, or include in the scan (include applies only to the Directory scan), for non-standard locations.

    The file path should always start with '/'.

    Operation: This field is enabled only if you select Full or Directory as your Scan Type.
    Select from the following options:
    • Exclude: Disables the scan in the file name/path location entered in File Path.
    • Include: Enables the scan only in the file name/path location entered in File Path.
    Note: Multiple folder/path entries can be entered for the scan. They are displayed in the table that follows, with their File Path and Operation.
    Note: Fields indicated with a red asterisk (*) symbol are mandatory.
  3. Click Add.
    The File Path table is populated with the operation.
  4. In Inventory Action, select one of the options:
    • Do Not Move: To avoid the movement of newly discovered keys in the inventory.
    • Manage: To allow the system to manage the newly discovered keys, which are moved to the inventory with Managed status.
    • Monitor: To allow the system to monitor the newly discovered keys, which are moved to the inventory with Monitored status.
  5. Click Discover.

    The discovery runs per the settings and the key scan instance is added to the discovery inventory with the Status as In Progress until the discovery is completed. The Status in the discovery inventory changes to Completed or Failed depending on the outcome of the scan.
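
To sanity-check what a given Scan Type and File Path table should cover before you rely on a discovery result, the following added example (not part of the product, and not its implementation) models the Default, Full and Directory scopes with Include/Exclude entries over a directory tree. The default folder list, the key-matching patterns, the function names and the sample tree are assumptions made for illustration.

```python
import os, pathlib, re, tempfile

# Assumption: "default ssh folders" means /etc/ssh, /root/.ssh and /home/<user>/.ssh.
DEFAULT = re.compile(r"^/(etc/ssh|root/\.ssh|home/[^/]+/\.ssh)(/|$)")
PUBKEY = re.compile(r"\b(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp\d+) AAAA[A-Za-z0-9+/=]+")
PRIVKEY = re.compile(r"-----BEGIN (OPENSSH|RSA|DSA|EC) PRIVATE KEY-----")
HOSTKEY = re.compile(r"^ssh_host_\w+_key(\.pub)?$")

def under(path, base):
    base = base.rstrip("/")
    return path == base or path.startswith(base + "/")

def in_scope(path, scan_type, rules):
    if scan_type == "default":      # File Path entries are disabled for Default
        return bool(DEFAULT.match(path))
    if any(op == "exclude" and under(path, p) for p, op in rules):
        return False                # Exclude wins over everything else
    if scan_type == "full":
        return True
    # Directory: default folders plus every Include entry
    return bool(DEFAULT.match(path)) or any(
        op == "include" and under(path, p) for p, op in rules)

def discover(root, scan_type="default", rules=(), kinds=("user", "host")):
    """Return sorted (path, kind) pairs for key files that fall inside the scan scope."""
    if scan_type not in ("default", "full", "directory") or any(
            not p.startswith("/") or op not in ("include", "exclude") for p, op in rules):
        raise ValueError("unknown scan type, or a rule path that does not start with '/'")
    found = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            logical = "/" + os.path.relpath(full, root).replace(os.sep, "/")
            if not in_scope(logical, scan_type, rules):
                continue
            text = pathlib.Path(full).read_text(errors="ignore")
            kind = "host" if HOSTKEY.match(name) else "user"
            if kind in kinds and (PUBKEY.search(text) or PRIVKEY.search(text)):
                found.append((logical, kind))
    return sorted(found)

def sample_tree():
    """Constructed directory tree holding placeholder (non-functional) key text."""
    root = tempfile.mkdtemp()
    pub = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedSAMPLEonly demo\n"
    for rel in ("etc/ssh/ssh_host_ed25519_key.pub", "home/alice/.ssh/authorized_keys",
                "opt/app/keys/deploy.pub", "opt/app/keys/old/legacy.pub", "srv/backup/id.pub"):
        p = pathlib.Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(pub)
    return root
```

Calling `discover(sample_tree(), "directory", [("/opt/app/keys", "include"), ("/opt/app/keys/old", "exclude")])` returns the two default-folder keys plus `/opt/app/keys/deploy.pub`; keys outside the default folders and the Include entries, such as `/srv/backup/id.pub`, are reached only by a Full scan.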