On-demand Discovery

On-demand discovery is a discovery process execution type that is triggered immediately (as opposed to a scheduled discovery that is triggered according to a predefined schedule, and not necessarily immediately).

There are two ways you can trigger an on-demand discovery, as explained in the following sections.

On-demand Discovery: Method 1

This method is useful when you know the type of discovery process you want to trigger, from the following types:For each of these scan types, the form fields described in the respective sections explain the option that lets you specify whether the discovery will be on-demand or scheduled.
Click a scan type from the list above for instructions on how you can select on-demand discovery for that type.

On-demand Discovery: Method 2

The difference between method 1 and method 2 is that the Discovery From dropdown list for method 2 lists the sources for all discovery types.

To trigger an on-demand discovery:

  1. Go to (Menu) > CERT+ > CERTIFICATE DISCOVERY > Discovery Status > On Demand.
    The Discovery Status : On-demand page is displayed. .
  2. To create a new on-demand discovery distance:
    If this is the first on demand discovery instance, click from the center of the page.

    OR

    Click .

  3. In the Discover Details section, enter the following details:
    Table 1. Field descriptions for the Discover Details section
    Field Description
    *Discovery Run Type Select On-demand.
    Discovery Instance Name Enter the name of the discovery instance.
    Description Enter the required details in this field.
    Note: Character limit: 2000 characters
    *: Mandatory fields
  4. In the Discover By section, from the Discovery From dropdown list, select the source of the discovery.
    Based on your selection in this field, the rest of the fields will be displayed. For instructions on specifying the rest of the details:
    Table 2. Field descriptions for the Discover By section
    Field Refer for further instructions
    • IP Range
    • Subnet
    • URL
    		 Network Scan
    • Managed ADCs
    • Managed Servers
    • Managed MDMs
    • Managed Firewalls
    • Managed WAFs
    • Internal
    		 Managed devices scan
    CtLogs Transparency Log Scan
    Certificate Authorities Certificate Authority Scan
    Cloud Cloud Scan
    Upload Scanning Uploaded Certificates
    *: Mandatory fields
  5. In the Discovery Rules section, select the associate rule from dropdown list.
  6. In the After Discover section, select the required options.
    Table 3. Field descriptions for the After Discover section
    Field Description
    *Move Certificate to Inventory with Status Select the required options as required. The available options are:
    • Do not move
    • Managed
    • Monitored
    Use Access Control Rule Enable the checkbox to apply rule.
    Note: This dield is enabled when Move Certificate to Inventory with Status = Managed or Monitored.
    Certificate Group Select the required certificate group. Discovered certificates will be associated with the provided certificate group.
    *: Mandatory fields
  7. In the Discovery Notifications section, select the notification field as required.
    Table 4. Field descriptions for the Discovery Notifications section
    Field Description
    Subscribe for discovery status notifications Select the checkbox for the notification.
    Who should be notified ?
    • Notify User: Send notification to the user configuring/modifying the discovery.
    • Notify User-Group: Send notification to all the users in the triggering User’s User Group(s).
    *: Mandatory fields
    Note: When a device is onboarded with cert sync as Managed/Monitored, all discovered certificates are automatically inventoried under the Default group, regardless of the onboarding user’s access permissions. Consequently, when a user schedules/manually triggers discovery later, the user can still view the certificates assigned to the respective group, even if the user does not have access to that specific group.