Support Center

Chapter 3: Asset Discovery and Monitoring Services

Last Updated: Nov 27, 2018 09:37AM EST


 

The Pulse analytics engine collects data from sensors running services or tasks that discover and monitor the wired, wireless, and Bluetooth-enabled assets throughout your organization. 

A service is a persistent, automated scanning program that runs on a Pulse sensor. Among the available sensor services are the following Pulse-specific services:
  • PwnScan Automated Scanner Service for actively discovering wired network hosts.
  • Realtime Wireless Discovery Service for passively monitoring the wireless environment.
  • Blue Hydra Bluetooth Scanner for detecting Bluetooth-enabled devices.
  • Active Directory Pulse Integration for querying baseline data from a local Active Directory server.
 

You configure and manage services in the management view for a particular sensor, which you access through the Sensors tab of the Pulse web application.

A task is a discrete scan that you can configure to run at regular intervals or at specific times. Pulse includes several network-based, wireless, and Bluetooth scan tasks, as well as a vulnerability scan task. However, it is strongly recommended to use services rather than tasks for discovery, because the service-based approach provides continuous discovery.

You configure tasks on the Tasks tab of the Pulse Administration Console. You can also use the Scripts tab to create and schedule custom tasks. 
 


Wired Network Monitoring
 

Automated Network Scanning with PwnScan

This section discusses how to configure the PwnScan service to scan the appropriate networks. This is the preferred method of network scanning and discovery with Pulse. Scanning tasks are described in this section as an alternative to PwnScan, to be used where continuous scanning is not desired.

Pulse runs the PwnScan service on the sensor to detect and fingerprint all hosts with an IP address on the wired network. The sensor can only scan networks to which it is connected or into which it has visibility, which is important when choosing a location for the sensor based on the subnets you intend to scan.


To configure PwnScan

  1. Log into Pwn Pulse and open the Sensors tab.
  2. Click the sensor you want to configure.
  3. On the sensor profile page, open the Services tab.


 
  4. Click PwnScan Automated Scanner Service.
  5. Complete the configuration settings as follows. The fields accept valid Classless Inter-Domain Routing (CIDR) ranges or single Internet Protocol version 4 (IPv4) addresses.
___________________________________________________________________________
NOTE:
If you change any of the following settings while the service is running, PwnScan must be stopped and restarted for the changes to take effect.
___________________________________________________________________________

___________________________________________________________________________
SETTING         DESCRIPTION
___________________________________________________________________________

Blacklist       IP addresses/ranges (for example, x.x.x.x/32) to be excluded
                from the active discovery of ports, services, and operating
                systems.

Scan Targets    Subnets, in CIDR notation, on which the sensor will perform
                active and passive scanning.

                The local subnet in which the sensor is assigned its own IP
                address is populated automatically. Additional subnets that
                the sensor can reach from its location can be added here.

                Systems on the locally available subnet can be discovered
                quickly by passively detecting their ARP broadcasts.
___________________________________________________________________________

Note: If the sensor is moved to a different native network after its initial configuration, either change the Scan Targets or deregister and then reregister the sensor.

___________________________________________________________________________

Note: See Appendix A–Monitoring Multiple VLANs for information on configuring the sensor to monitor multiple VLANs at a trunk port.

____________________________________________________________________________________
 
  6. Click Save.
  7. On the Services tab, click Start to start the service. If the service was previously running, it must be stopped and restarted to enable changes.
           If scanning a new network for the first time, it may take up to several hours for the scan to populate data in Pulse, depending on the network size.
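
A pre-flight check for the Scan Targets and Blacklist values before they are entered, as an added example that is not part of Pulse or of the original page. The sample values are constructed, and rejecting ranges with host bits set is this example's own choice, not documented Pulse behaviour.

```python
import ipaddress

# Constructed sample values for the two PwnScan fields (not from the page).
SCAN_TARGETS = ["192.168.10.0/24", "10.20.0.0/22", "10.20.1.7/24"]
BLACKLIST = ["192.168.10.50", "192.168.10.128/25", "172.16.5.1/32"]

def check_pwnscan_settings(scan_targets, blacklist):
    """Parse both fields; return (targets, excluded, warnings)."""
    targets, excluded, warnings = [], [], []
    for field, entries, out in (("Scan Targets", scan_targets, targets),
                                ("Blacklist", blacklist, excluded)):
        for entry in entries:
            try:
                # A bare address parses as a /32; strict=True rejects
                # ranges with host bits set (an assumption of this example).
                out.append(ipaddress.IPv4Network(entry.strip(), strict=True))
            except ValueError as exc:
                warnings.append(f"{field}: {entry!r} rejected ({exc})")
    for net in excluded:
        if not any(net.subnet_of(t) for t in targets):
            warnings.append(f"Blacklist: {net} is not inside any scan target")
    for t in targets:
        if any(t.subnet_of(b) for b in excluded):
            warnings.append(f"Scan Targets: {t} is entirely blacklisted")
    return targets, excluded, warnings

def actively_scanned(targets, excluded):
    """Count addresses left for active discovery after exclusions."""
    total = 0
    for target in ipaddress.collapse_addresses(targets):
        remaining = [target]
        for b in excluded:
            kept = []
            for r in remaining:
                if r.subnet_of(b):          # piece fully excluded
                    continue
                if b.subnet_of(r):          # carve the exclusion out
                    kept.extend(r.address_exclude(b))
                else:                       # disjoint, keep as is
                    kept.append(r)
            remaining = kept
        total += sum(r.num_addresses for r in remaining)
    return total

if __name__ == "__main__":
    targets, excluded, warnings = check_pwnscan_settings(SCAN_TARGETS, BLACKLIST)
    print("\n".join(warnings))
    print("addresses actively scanned:", actively_scanned(targets, excluded))
```

A Blacklist entry that sits outside every scan target usually points to a typo, which would leave the host that was meant to be excluded inside the active scan.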


Using Scheduled Tasks for Network Host Scanning

As an alternative to continuous scans with PwnScan, you can use task-based scanning for network host discovery and scanning. IMPORTANT: These scans should not be run at the same time as PwnScan on the same subnets.

Pulse, by default, has several preconfigured network discovery tasks that can be run immediately. They are as follows:

 
  • Network Discovery Default uses Nmap to scan the local network subnet (based upon the IP and netmask assigned to the sensor) to identify the live hosts, then scans each host for the Nmap Top 1,000 ports. This task is not intended to be highly configurable and only scans the subnet associated with the eth0 interface.

  • Network Discovery Basic is performed in the same manner as "Network Discovery: Default", except that the user may specify the target IP address or target range and the port(s) to be scanned. Note: If the ports: field is left blank, the Nmap Top 1,000 ports are scanned. If ports are being specified, use a comma-delimited list, or a hyphen to indicate a range of ports.

  • Network Discovery Simple uses ARP to scan the target IP address or target range specified. The goal is only to determine whether the target is "live"; nothing else is discovered. Note: This is an extremely FAST method to discover live hosts within the local network subnet. If the target(s) specified are on a connecting remote subnet, targets in other subnets are not expected to be discovered unless ProxyARP is enabled on the router in between.

  • Network Discovery - Service uses Nmap with the -sV -O switches to scan the target IP address or target range specified. The goal is to identify live hosts and the listening ports, services, and operating system for each. Note: If the ports: field is left blank, the Nmap Top 1,000 ports are scanned. If ports are being specified, use a comma-delimited list, or a hyphen to indicate a range of ports.

  • Network Discovery Aggressive uses Nmap with the -T5 -A -v switches to aggressively scan the target IP address or target range specified. The goal is to identify live hosts and open ports (of all possible 65,535), and to perform service detection, version detection, OS detection, and script scanning. Note: This is an INTENSIVE SCAN. It is NOT recommended to run this against a target range, but to instead test an individual target IP address when this level of detail is required. Depending on the network, this method of scanning may overwhelm switches or cause a Denial of Service.
__________________________________________________________________________________

Configuring a Network Discovery Task

  1. To add a new task, click Tasks on the left-hand toolbar.
  2. Click Add Task.
  3. On the New Task page, complete task settings as follows.

___________________________________________________________________________
SETTING         DESCRIPTION
___________________________________________________________________________

Name            Assigned task name.

Enabled         Select to enable the task (required for task to run).

Script          Select a Network Discovery task from the drop-down list,
                which displays all tasks currently in Pulse, including any
                custom scripts you have added in the Scripts section.

Target          Specify the target IP address, or network to be scanned, in
                Classless Inter-Domain Routing (CIDR) notation.

Ports           Some tasks allow you to specify which ports to scan. Where
                available, format this as if passing to an Nmap scan.

Add to          Select whether to run this task against a single sensor, or
                a group of sensors.

Starts at       Schedule when you want the task to run—default is the
                current time.

Repeats         Select whether and how frequently to repeat the task.
___________________________________________________________________________

  4. Click Save.

         
     The task begins automatically at the specified start time, and runs against the sensors selected. 
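
A review of task definitions against the cautions above (no task on a subnet PwnScan already scans, no Aggressive scan against a range, well-formed Ports field), as an added example that is not part of Pulse or of the original page. The task dictionaries, their key names, and all addresses are constructed; the Ports parser covers only the comma and hyphen forms the page mentions, not the full Nmap syntax.

```python
import ipaddress

# Constructed sample data: PwnScan Scan Targets and four task definitions.
PWNSCAN_TARGETS = ["192.168.10.0/24"]
TASKS = [
    {"script": "Network Discovery Basic", "target": "192.168.10.64/26",
     "ports": "22,80,8000-8100"},
    {"script": "Network Discovery Aggressive", "target": "10.30.0.0/24",
     "ports": ""},
    {"script": "Network Discovery - Service", "target": "10.30.0.15",
     "ports": "443,70000"},
    {"script": "Network Discovery - Service", "target": "10.30.0.15",
     "ports": "443"},
]

def parse_ports(field):
    """Expand a Ports field into a set of ports; None if the field is blank
    (the page says a blank field means the Nmap Top 1,000 ports)."""
    if not field.strip():
        return None
    ports = set()
    for part in field.split(","):
        lo, sep, hi = part.strip().partition("-")
        if not lo.isdecimal() or (sep and not hi.isdecimal()):
            raise ValueError(f"bad port entry: {part!r}")
        first, last = int(lo), (int(hi) if sep else int(lo))
        if not 1 <= first <= last <= 65535:
            raise ValueError(f"port out of range or reversed: {part!r}")
        ports.update(range(first, last + 1))
    return ports

def review_task(task, pwnscan_targets):
    """Return a list of findings for one task definition."""
    findings = []
    # strict=False accepts a single host address as well as a CIDR range.
    target = ipaddress.ip_network(task["target"].strip(), strict=False)
    hits = [n for n in pwnscan_targets
            if ipaddress.ip_network(n).overlaps(target)]
    if hits:
        findings.append("overlaps PwnScan Scan Targets: " + ", ".join(hits))
    if "Aggressive" in task["script"] and target.num_addresses > 1:
        findings.append("Aggressive scan aimed at a range, not a single host")
    try:
        parse_ports(task.get("ports", ""))
    except ValueError as exc:
        findings.append(str(exc))
    return findings

if __name__ == "__main__":
    for task in TASKS:
        print(task["script"], task["target"], review_task(task, PWNSCAN_TARGETS))
```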


Wireless Network Monitoring


Pulse’s Realtime Wireless Discovery Service provides continuous passive monitoring of the entire 2.4 GHz and 5 GHz 802.11 (WiFi) spectrum.


To enable real-time wireless scanning

 
  1. Log into Pulse and open the Sensors tab.
  2. Click the sensor you want to configure.
  3. On the sensor profile page, open the Services tab.
  4. Click Realtime wireless discovery service.

____________________________________________________________________________________
Note: Once you join a sensor to Pulse, it may take up to five minutes before Realtime Wireless Discovery Service is available for enabling.
____________________________________________________________________________________


Scanning for Bluetooth Devices


Pulse includes a Bluetooth service called BlueHydra Bluetooth Scanner to provide continuous discovery of Classic & Low Energy (LE) Bluetooth devices.
  • Bluetooth Classic – Designed for continuous streaming data applications.
  • Bluetooth Low Energy (BLE, Bluetooth 4.0) – Designed for devices that only need to exchange small amounts of data periodically.

To enable the BlueHydra Bluetooth Scanner service

  1. Log into Pulse and open the Sensors tab.
  2. Click the sensor you want to configure.
  3. On the sensor profile page, open the Services tab.
  4. Locate Blue Hydra Bluetooth Scanner and click the toggle switch to on (green).
           Newly discovered Bluetooth devices will now begin to populate on the Assets tab under Bluetooth.
___________________________________________________________________________
Note: Once you join a sensor to Pulse, it may take up to five minutes before the Blue Hydra Bluetooth Scanner is available to enable.
___________________________________________________________________________
 
 
 

Contact Us

support@pwnieexpress.com