Target Groups
Target Groups are groupings of endpoints or IP ranges. Data collected during the scan is always associated with a target group for analysis and reporting. Target groups assist you and your team in logically dividing your network by location, function, asset type, or any other logical division. Additionally, Target Groups allow for Real-Time Security Monitoring and Scheduled deep scans.
Devices are added to a Target Group by either creating a Query and Enumerating to discover devices, or by adding specific installed agents to the Target Group.
To create your first target group, navigate to the Discover Tab, select “Add New Target Group” and provide a descriptive name.
Pro-Tip: Target groups can contain machines discovered by both Agent and Agentless methodologies.
Adding Agents to a Target Group
Agents can be enabled and assigned to Target Groups at the time of Agent Installation with an Agent Registration Key, or can be enabled and assigned manually after installation.
Agent Registration Key
Host / Agent association with a default Target Group will happen automatically if an Agent Registration Key is generated and used during the installation of an Agent (See the Agent Installation Article).
1. Create a “Registration Key” to install agents by clicking “Add New Registration Key” within the Agent Registration admin panel.
2. Assign the "Registration Key" to the desired Target Group.
3. Utilize the "Registration Key" during the installation process.
Agents installed with a Registration Key will automatically be approved and added to the default target group selected.
Manually adding agents to Target Groups
To add agents to a designated Target Group, navigate to the profile icon in the top right corner, select Admin, and navigate to Agents on the left navigation bar. If you have not previously enabled the Agent, click on the ellipses to the right of the Agent and select Enable.
Once the desired Agents are enabled, select one or more Agents to add to a Target Group and click the Add To Target Group button in the right corner. Then select the desired Target Group and click Save.
Queries (Agentless)
Asset Discovery is a necessary step for agentless scanning. It is supported by defining Queries, which can be a list of hostnames, IP Addresses, IP Ranges, CIDR Blocks or AD/LDAP domains.
These queries dictate membership in Target Groups any time the agentless architecture is used.
Prerequisites:
- Domain or Local Admin Credentials configured and input for use in Infocyte. Search “Credential Manager” for more information.
- An existing Target Group.
Creating a query:
- Under the Discover tab select the Target Group for the new Query.
- Click the Add Query Button
- Provide a Friendly Name for the Query (utilized to identify the query during enumeration tasks)
- Select the Credentials for the Query to use.
- Select SSH Credentials if Applicable.
- Select a query type, or alternatively leave the type set to Auto Detect.
  - Proper format is needed to utilize the Auto Detect option:
    - CIDR [XXX.XXX.XXX.XXX/(bit)]
    - IP Scope [XXX.XXX.XXX.XXX - XXX.XXX.XXX.XXX]
    - Domain [ldap://FQDN]
    - Hostname [FQDN]
    - IPAddress [XXX.XXX.XXX.XXX]
Pro-Tip: As an alternative, queries in the above formats can be copied and pasted in via the Raw Data Option.
Restrictions: Queries are limited in the following ways:
  - The size of an IP Scope or a CIDR block is limited to a Class B or a /16 CIDR block. Larger ones will cause the query to fail at the time of Enumeration.
  - The size of an IP Scope or CIDR block is limited to the number of Licensed (Purchased) devices times a multiple of 10. Example: If 1000 licenses were purchased, no one query can be larger than 10,000 IP Addresses.
- Save the Query
- Once you have saved a query, you can enumerate the query to find all of the devices specific to it. You do so by clicking on the Find Host button. This step may take a good amount of time depending on the size of the query.
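A pre-check for agentless queries, as an added example (not Infocyte's code): it classifies a query string by the formats listed above and applies the two documented size limits before you enumerate. The function names, the FQDN pattern and the order of checks are assumptions; the product's own Auto Detect logic is not shown on this page.

```python
import ipaddress
import re

MAX_ADDRESSES = 2 ** 16  # a /16 (Class B), the largest scope the page allows
LICENSE_MULTIPLE = 10    # page: licensed devices times a multiple of 10

# Assumption: an FQDN is dot-separated DNS labels ending in an alphabetic TLD.
_FQDN = re.compile(r"^(?=.{1,253}$)(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}"
                   r"[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")


def classify_query(raw):
    """Return (query_type, address_count); the count is None for names."""
    text = raw.strip()
    if text.lower().startswith("ldap://"):
        kind, name = "Domain", text[len("ldap://"):]
    else:
        kind, name = "Hostname", text
        try:
            if "/" in text:
                net = ipaddress.IPv4Network(text, strict=False)
                return "CIDR", net.num_addresses
            lo, dash, hi = (part.strip() for part in text.partition("-"))
            if dash:
                first, last = ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi)
                if last < first:
                    raise ValueError("range end precedes range start")
                return "IP Scope", int(last) - int(first) + 1
            ipaddress.IPv4Address(text)
            return "IPAddress", 1
        except ValueError:
            pass  # not an address form; fall through to the hostname check
    if _FQDN.match(name):
        return kind, None
    raise ValueError(f"unrecognized query format: {raw!r}")


def check_query(raw, licensed_devices):
    """Return (query_type, problems) against the two documented size limits."""
    kind, count = classify_query(raw)
    problems = []
    if count is not None and count > MAX_ADDRESSES:
        problems.append(f"{count} addresses is larger than a /16")
    if count is not None and count > licensed_devices * LICENSE_MULTIPLE:
        problems.append(f"{count} addresses exceeds {licensed_devices} licenses x 10")
    return kind, problems


if __name__ == "__main__":
    # Constructed sample queries, checked against 1000 purchased licenses.
    for q in ["10.0.0.0/15", "192.168.1.10 - 192.168.1.200", "ldap://corp.example.com"]:
        print(q, check_query(q, 1000))
```

With 1000 licenses, a /16 passes the Class B limit but still fails the license limit, so both checks are worth running before a long enumeration.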