2 Replies Latest reply on Nov 9, 2018 4:50 AM by phoffmann

    EPM Discovery

    EZ Apprentice

      I was asked how the agentless discovery would pick up the following device types. Any input would be great.

      - Windows CE

      - Beacons / Internet of Things devices?

      - Can it pick up containers & how?


      Can / How would discovery pick up enumeration and MAC address without an agent for these devices / OSes?


      Thank you.

        • 1. Re: EPM Discovery
          EZ Apprentice

          Forgot one question: How does it handle beaconing network points?

          • 2. Re: EPM Discovery
            phoffmann SupportEmployee

            Bit more information would be useful here. I can try to answer some points, but haven't played an awful lot with the agentless stuff here. Trying to be helpful / help focus questions here though, as things are a bit "loosey goosey", which doesn't usually help with getting good answers.


            • First up (good habit to get into) - always list what version you're (looking to be) on. That helps with context (if you've spent 12 months pen-testing 2017.3 for instance, it'd seem unlikely for you to just start looking at 2018.3) and things can vary quite a bit between versions. Not super relevant here, but it's a great habit I try to encourage everywhere (as it very often gets missed out when it would actually be needed).
            • If you're talking containers ... what OS / types of containers are we talking here exactly?

              I'm *assuming* (incorrectly?) that we're talking Linux containers? If so, the new(-ish) EPM agent for Linux introduced with 2017.3 onward *does* have an optional module / script included to list the existence of containers. We're considering how to get more data beyond "this thing exists" in a legitimate way, as we want to use only legitimate means ... and querying containers either requires credentials (which is a pain in and of itself, as you can imagine 2,000 containers requiring 2,000 different sets of creds potentially) and/or hacks which is "not linux friendly" to put it mildly.

              Also, keep in mind that there's a LOT of different container technologies out there ... so it's a very wide brush to use here.

              If you're talking WINDOWS containers, we'd need more information on what technology you're thinking of / what data points you'd be after. As a cautious point, I'd argue that MOST sensible approaches to collecting / hoovering up information on containers would require higher levels of privilege & often some "special jumping through hoops", so having a full agent would be probably MUCH more suited to this sort of thing.
            • Windows CE (and I'm a bit rusty here, so take this with a pinch of salt) should be "just Windows 10" and should work -- with agentless or agent-based side of things (unless you're using some really old editions of CE ... had recently a "you can't be serious" type realisation when someone pointed out they still had a Windows XP based CE in their environment ... ).

              There are a bunch of "weird" editions of Windows 10 (such as for the TVs & such) which are ... well "weird", and results / mileage may vary. I'm being a bit cautious here since I've had "Windows CE" mean anything from "actual Windows CE" to "the thing running my TV".

              On a related note, Windows 10 IoT Core isn't supported, for instance (but may work with the mobility agent).

              For a list of supported OSes (including IoT), see here - Supported Platforms and Compatibility Matrix for LANDESK Management Suite/Ivanti Endpoint Manager
            • Many IoT things tend to be Linux based (details may vary), so I would doubt that the agentless scanner would be able to inventory them (since - again - it's Windows based primarily).

              Be aware that we can *PICK UP* the existence of such devices (via XDD / UDD) ... but inventory'ing them is going to be a separate matter (and vary on the details of the IoT side of things, though IoT discovery is an area of continued dev work).