Asset Discovery Results
You can view the results of running one or more Asset Discovery jobs.
To view asset discovery results
- Navigate to Asset Management > Discovery > Assets > (add or edit a Asset Discovery job).
- On the Asset Discovery Results tab:
- Select the time frame of the completed jobs you want to display which ranges from the last 24 hours to the last 7, 30, 60, or 90 days. Or, click Custom to create a custom time frame.
- Click Refresh to refresh the results.
- Click Search and enter the character string to be used to search for a match. For more information, see Search box.
- Click a column to sort the column information displayed for each job:
- Date/Time: The most recent date and time the Asset Discovery job successfully ran.
- User: The user who ran the job or Automated System, if the job is run on an automated schedule.
- Event: The outcome of running the Asset Discovery job event, which may be Asset Discovery Succeeded, Asset Discovery Failed, or Asset Discovery Started.
- Partition: The partition in which the discovered assets will be managed.
- Appliance: The name of the Safeguard for Privileged Passwords Appliance.
- Directory: If applicable, the name of the directory on which the Asset Discovery job ran.
- # Assets: The number of asset found during the discovery job; click to view details.
Account Discovery jobs include the rules Safeguard for Privileged Passwords uses to perform account discovery against assets. When you add an Account Discovery job, you can identify whether or not to automatically manage found accounts, whether to discover services, and whether to automatically configure dependent systems.
The accounts in the scope of the discovery job may include accounts that were previously added (manually) to the Safeguard partition. For more information, see Adding an account.
To configure and schedule Account Discovery jobs, perform one of the following:
Safeguard for Privileged Passwords supports account discovery on the following platforms:
- Linux / Unix (based)
- MAC OS X
- Starling Connect
- Windows (services and tasks)
- SQL Server
- HP iLO
- HP iLO MP
Properties and toolbar
Go to Account Discovery:
- web client: Navigate to Asset Management > Discovery > Accounts.
Use these toolbar buttons to manage the Account Discovery jobs.
Table 136: Account Discovery: Toolbar
|New Account Discovery Job
Add an Account Discovery job. For more information, see Adding an Account Discovery job.
Delete the selected Account Discovery job.
Modify the selected Account Discovery job. You can also double-click a row to open the edit dialog.
Discover the accounts on the selected Account Discovery job. Select the asset on the Asset dialog. A Task pop-up displays which shows the progress and completion.
Discover the services on the selected Account Discovery job. Select the asset on the Asset dialog. A Task pop-up displays which shows the progress and completion.
Add, delete, or refresh the assets associated with the Account Discovery job.
IMPORTANT: You must associate the assets to the Account Discovery job for the accounts to be found.
Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data.
Update the list of Account Discovery jobs.
Enter the character string to be used to search for a match. For more information, see Search box.
Account Discovery jobs display in the grid.
Table 137: Account Discovery: Account Discovery job grid
|Name of the discovery job.
|The creator of the job.
|The type of discovery performed, for example, Windows, Unix, Starling Connect, or Directory.
|The directory on which the discovery job runs.
The partition in which to manage the discovered assets or accounts.
|Designates when the discovery job runs.
A check mark displays if the job will discover service accounts.
A check mark displays if the accounts that are discovered in the Service Discovery job are automatically configured as dependent accounts on the asset.
Total number of assets assigned to the Account Discovery job. A Caution displays if no accounts are assigned to the Account Discovery job therefore no data will be discovered.
The description of the discovery job.
Account Discovery job workflow
Safeguard for Privileged Passwords's Account Discovery jobs discover accounts of the assets that are in the scope of a profile. For more information, see About profiles. Account Discovery jobs can include service discovery.
You can configure, schedule, test, and run Account Discovery jobs. After the job has run, you can select whether to manage the account, if it was not identified to be automatically managed.
- Create an Account Discovery job and associate assets or create an asset and associate the Account Discovery job.
Account Discovery jobs can be scheduled to run automatically. In addition you can manually launch these jobs in any of the following ways:
- From Asset Management > Discovery > Accounts click Discover Accounts or Discover Services.
- From Asset Management > Assets > (View Details) click Discover Accounts.
- After the Account Discovery job runs, you can mark the managed accounts from Discovery > Discovered Items > Accounts:
- Click Disable to prevent Safeguard for Privileged Passwords from managing the selected account.
- Click Enable to manage the selected account and assign it to the scope of the default profile.
NOTE: The discovery job finds all accounts that match the discovery rule's criteria regardless of the state and reports only the accounts discovered that do not currently exist. Account Discovery does not update existing accounts.
Search the Activity Center for information about discovery jobs that have run. Safeguard for Privileged Passwords lists the account discovery events in the Account Discovery Activity category.
Adding an Account Discovery job
It is the responsibility of the Asset Administrator or the partition's delegated administrator to configure the rules that govern how Safeguard for Privileged Passwords performs account discovery. For more information, see Account Discovery job workflow.
To add an Account Discovery job
- Navigate to Asset Management > Discovery > Accounts.
- Click New Account Discovery Job to open the New Account Discovery Job dialog.
- On the General tab, enter the following information:
On the Information tab, enter the following information:
Discovery Type: Select the platform (Directory, Role Based, SPS, Starling Connect, Unix, or Windows). Make sure the Discovery Type is valid for the assets associated with the partition selected on the General tab.
Discover Services: (For Windows accounts only and deselected by default) Select this check box so that when the discovery job is run, services are discovered.
If Discover Services is selected, the Automatically Configure Dependent Systems check box is also available. Select this check box so that any directory accounts that are discovered in the Service Discovery job are automatically configured as dependent accounts on the asset where the service or task was discovered. Once dependencies are found they can only be removed manually from Account Dependencies tab (asset).
The Account Discovery Rules tab is only available after an account discovery job has been created. For more information, see Adding an Account Discovery rule.
- On the Schedule tab, enter the following information:
Select a time frame:
- Never: The job will not run according to a set schedule. You can still manually run the job.
- Minutes: The job runs per the frequency of minutes you specify. For example, Run Every 30/Minutes runs the job every half hour over a 24-hour period. It is recommended you do not use the frequency of minutes except in unusual situations, such as testing.
Hours: The job runs per the minute setting you specify. For example, if it is 9 a.m. and you want to run the job every two hours at 15 minutes past the hour starting at 9:15 a.m., select Run Every 2/Hours/@ minutes after the hour 15.
Days: The job runs on the frequency of days and the time you enter.
For example, Run Every 2/Days/Starting @ 11:59:00 PM runs the job every other evening just before midnight.
Weeks The job runs per the frequency of weeks at the time and on the days you specify.
For example, Run Every 2/Weeks/Starting @ 5:00:00 AM and Repeat on these days with MON, WED, FRI selected runs the job every other week at 5 a.m. on Monday, Wednesday, and Friday.
Months: The job runs on the frequency of months at the time and on the day you specify.
For example, If you select Run Every 2/Months/Starting @ 1:00:00 AM along with Day of Week of Month/First/Saturday, the job will run at 1 a.m. on the first Saturday of every other month.
Select Use Time Windows if you want to enter the Start and End time. You can click Add or Remove to control multiple time restrictions. Each time window must be at least one minute apart and not overlap.
For example, for a job to run every ten minutes every day from 10 p.m. to 2 a.m., enter these values:
Enter Run Every 10/Minutes and set Use Time Windows:
If you have selected Days, Weeks, or Months, you will be able to select the number of times for the job to Repeat in the time window you enter.
For a job to run two times every other day at 10:30 am between the hours of 4 a.m. and 8 p.m., enter these values:
For days, enter Run Every 2/Days and set Use Time Windows as Start 4:00:00 AM and End 8:00:00 PM and Repeat 2.
If the scheduler is unable to complete a task within the scheduled interval, when it finishes execution of the task, it is rescheduled for the next immediate interval.
Select the assets to which the account discovery rule applies using one of these approaches: