Asset & Certificate discovery

Enclave asset management supports discovery to local devices on the same local network as a node. Optionally you can enable discovery for users.

Setup

To enable asset discovery, navigate to Assets -> Discovery and create a new scan configuration. In the example below, scanning is enabled for any agents with the label Control server.

How it works

When a scan is enabled, the agent will scan the local network for devices. The agent will then report the devices back to the Enclave server. The server will then create assets for the discovered devices. An output of the scan will be available in the Assets -> Discovery page. An example of the output is shown below.

Certificate discovery

Enclave discovery scans also include certificate discovery. If a host is found with common TLS ports open (HTTPS 443, SSMTPS 465, LDAPS 636, IMAP 993, POP-3 995), the agent will attempt to connect to the host and retrieve the certificate information. Discovered certificates can be viewed under Assets > Certificates. You can also optionally add in a list of URLs to scan for certificate in a discovery scan. These URLs only support scanning on HTTPS (443) and can be remote or local addresses.