Discovery Configuration Settings

The Discovery Configuration Settings page is a centralized interface for defining how certificate and network discovery operations are conducted and reported. It is organized into three sections. The configuration settings in each section are described below.

Configuring Network Discovery Settings

  1. Go to (Menu) > CERT+ > CERTIFICATE DISCOVERY > Discovery Configuration > Settings.
    The Settings page is displayed.
  2. Click + Create.
    The Add page is displayed.
  3. Enter/Select the basic details.
    Table 1. Field descriptions for the basic details
    Field | Description
    *Name | Enter a name for the setting. Important: This field does not support special characters.
    Description | Add additional details about this scan setting.
    *: Mandatory fields
  4. Enter/Select the Network Scan Configuration details.
    Table 2. Field descriptions for the Network Scan Configuration details
    Field | Description
    Alive Host Detection | Select the type of host detection. The available options are:
    • Conservative
    • Balanced
    • Aggressive
    • Custom
      Field | Description
      Active IP Scan | Enable this option to detect and scan active IPs.
      Detection Mode | Choose the method to detect the active hosts:
      • Default Ports
      • ICMP only
      • Custom Ports
      Scanning Speed | Adjust the scan intensity. Note: This option is enabled if Active IP Scan = Enable.
      Concurrent Probes | Define the maximum number of simultaneous probes sent during a scan. Note: This option is enabled if Active IP Scan = Enable.
      Host Timeout | Determine the wait time. Note: This option is enabled if Active IP Scan = Enable.
      Maximum Retry | Specify the number of retries. Note: This option is enabled if Active IP Scan = Enable.
    Open Port Configuration | Configure the open port.
      Field | Description
      Scanning Intensity | Adjust the scan intensity.
      Packets per Second | Set the number of packets sent per second.
      Concurrent Parallel Probes | Determine the number of probes.
      RTT Timeout | Set the RTT timeout.
      Max Retries | Set the number of retries.
      Probe delay | Determine the wait time.
      Host Timeout | Set the host timeout.
    OS Check Configuration | Enable the OS check radio button. Note: The options below are enabled if OS Check Configuration = Enable.
      Field | Description
      Scanning Intensity | Set the intensity of the OS and service detection scan.
      Service Detection | Determine how deeply services running on open ports are analyzed.
      OS Scan | Set the OS Scan.
      Version Probe Intensity Level | Set the probe intensity level.
      Probe delay | Set the probe delay.
    Advanced Configuration | Configure the advanced configuration.
      Field | Description
      IPs per Batch of Discovery | Define how many IPs to scan at once.
      Scan Ports | Select the type of ports. The available options are:
      • All Ports
      • Custom Ports
      • Standard Ports
      • Frequently Used Ports
      TLS version(s) | Define the TLS version(s).
      Execute Batches Sequentially | Select the checkbox to execute the batches sequentially.
      Interval Between Batches | Set the interval time.
    *: Mandatory fields
  5. Click Save.

Configuring General Discovery Settings

The General Discovery Settings section of the Discovery Configuration :: Settings page lets you manage the general behavior of network discoveries.
To configure the general discovery configuration settings, enable/disable the following features, as required:
Table 3. Field descriptions for the general discovery settings
Field | Description
Discover Private Key | To fetch private keys from endpoints as part of the discovery results, turn on the Discover Private Key toggle. While this feature is disabled by default to preserve confidentiality, fetching private keys from endpoints is required if you want to push the discovered certificates to new endpoints.
Synchronize Network Connectors | To ensure that the configuration and status of all associated network connectors are regularly synchronized, turn on the Synchronize Network Connectors toggle. If this feature is enabled, the discovery instance will attempt to sync device data with the latest connector state before scanning.
Number of Discovery History Required | Enter the number of discovery iterations to retain per job. Entries older than the specified number will be auto-purged. Default value: 5. Maximum value: 5.
Access Control Scheduled Discoveries | To restrict access to scheduled discoveries to the discovery owner's user group, turn on the Access Control Scheduled Discoveries toggle.
*: Mandatory fields

Configuring Discovery Report Settings

The Report Settings section of the Discovery Configuration :: Settings page lets you define the compliance and vulnerability insights that should be included in the discovery reports.
To configure the discovery report settings, enable/disable the following features, as required:
Table 4. Field descriptions for the discovery report settings
Field | Description
Identify if MTLS is enabled on HTTPS endpoints | To check if mutual TLS (mTLS) is configured on the discovered HTTPS endpoints, turn on the Identify if MTLS is enabled on HTTPS endpoints toggle. With mTLS, both the server and the client must provide valid certificates for authentication.
Check ciphers enabled on endpoints | To check if the supported ciphers are enabled on the discovered endpoints, turn on the Check ciphers enabled on endpoints toggle. In addition to discovering the ciphers, enabling this feature will also categorize them according to their security strengths in the discovery report and trigger additional scans, if required.
Check CAA records | To query the DNS for Certificate Authority Authorization (CAA) records associated with discovered domains, turn on the Check CAA records toggle. These records are then evaluated against the issuing Certificate Authorities to verify that certificates have been issued only by CAs explicitly authorized for those domains.
Check for Heart Bleed, Poodle and Roca Vulnerabilities | To check if there are legacy TLS vulnerabilities (such as Heartbleed, POODLE, and ROCA) associated with the discovered certificates, turn on the Check for Heart Bleed, Poodle and Roca Vulnerabilities toggle.
*: Mandatory fields
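
The CAA evaluation described for the Check CAA records toggle, sketched as an added example (not the product's own code). It follows the RFC 8659 lookup rules over constructed records instead of live DNS; the zone data, the CA identifier domains and the function names are assumptions made for illustration.

```python
# Constructed CAA data (assumption): owner name -> list of (tag, value) properties.
CAA_ZONE = {
    "example.com": [("issue", "ca-one.example"), ("issuewild", ";"),
                    ("iodef", "mailto:sec@example.com")],
    "shop.example.com": [("issue", "ca-two.example; account=1234")],
    "example.org": [("iodef", "mailto:sec@example.org")],
}

def relevant_rrset(fqdn, zone):
    """Climb from fqdn toward the root; the first non-empty CAA set applies."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if zone.get(name):
            return name, zone[name]
    return None, []

def authorized_cas(cert_name, zone):
    """Return (record owner, allowed issuer domains); None means unrestricted."""
    wildcard = cert_name.startswith("*.")
    source, rrset = relevant_rrset(cert_name[2:] if wildcard else cert_name, zone)
    issue = [v for t, v in rrset if t.lower() == "issue"]
    issuewild = [v for t, v in rrset if t.lower() == "issuewild"]
    # Wildcard names use issuewild when present; otherwise issue applies.
    values = issuewild if (wildcard and issuewild) else issue
    if not values:
        return source, None  # e.g. only iodef records: issuance is not restricted
    # Drop parameters after ';'. An empty issuer domain authorizes no CA at all.
    allowed = {v.split(";", 1)[0].strip().lower() for v in values}
    allowed.discard("")
    return source, allowed

def check_certificate(cert_name, issuer_caa_domain, zone=CAA_ZONE):
    """issuer_caa_domain: the identifier the issuing CA publishes for CAA use."""
    source, allowed = authorized_cas(cert_name, zone)
    if allowed is None:
        return "unrestricted"
    if issuer_caa_domain.lower() in allowed:
        return "authorized"
    return f"violation (CAA at {source})"

if __name__ == "__main__":
    for name, ca in [("www.example.com", "ca-one.example"),
                     ("*.example.com", "ca-one.example"),
                     ("pay.shop.example.com", "ca-one.example")]:
        print(name, ca, "->", check_certificate(name, ca))
```

CAAs are binding on the CA at issuance time, so a mismatch found during a later discovery marks a certificate to review rather than proof of mis-issuance, because the records may have changed since the certificate was issued.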

Deleting Network Settings

  1. Go to (Menu) > CERT+ > CERTIFICATE DISCOVERY > Discovery Configuration > Settings.
    The Settings page is displayed.
  2. From the network inventory list, under Name, select the checkbox(es) corresponding to the network list(s) you want to delete.
  3. From the menu bar, click .
  4. From the confirmation dialog box, click Submit.
    The selected settings list(s) are deleted.
    Note: Default settings cannot be deleted. Additionally, any setting mapped to a network cannot be removed.

Cloning Network Settings

  1. Go to (Menu) > CERT+ > CERTIFICATE DISCOVERY > Discovery Configuration > Settings.
    The Settings page is displayed.
  2. From the settings list, select the checkbox of the setting to be cloned.
  3. From the menu bar, click the Clone button.
    The confirmation window appears.
  4. Enter a name for the cloned settings.
  5. Click Submit.
    A pop-up message appears: Selected Network Settings Cloned Successfully.