Adding assets to sites

An asset is a single device on a network that is discovered during a scan. To perform a scan on a site, you must assign assets to it.

You can either manually input your assets or asset groups, or specify a dynamic discovery connection that discovers assets.

Not all sites can be edited for target assets. For example, sites created through dynamic discovery connections are assigned assets based on third-party integrations. See Managing dynamic discovery of assets for more information.

You can add and remove assets from the Assets tab of the Site Configuration:

  • If you want to add or remove assets to an existing site, click that site's Edit icon in the Sites table on the Home page. Or, while viewing the site details, you can click Manage.
  • To create a new site, click the Create site button on the Home page and follow the procedure in Creating and editing sites.

The console displays an asset as a member of a site named Global if that asset is a member of more than one site.

You can't change the method for specifying assets

After you save a site, you cannot change the method for specifying assets. For example, if you specify assets with a discovery connection and then save the site, you cannot manually add IP addresses or hostnames afterwards.

Specify Assets by Hostnames or IP Addresses

Use this method to create a site that scans a manually-specified collection of assets or asset groups. Such sites work best for scanning environments that have non-virtual assets and do not often change. You can specify individual assets, IP ranges, asset groups, or a combination of these.

Add individual assets or ranges

Use this method to specify individual assets or ranges of assets. You can also add asset groups to the same site.

To add assets:

  1. From the home page, open the site configuration screen by clicking the Edit icon for your site.
  2. On the Assets tab, enter host names, IP addresses, or ranges in the Assets text box in the Included Assets section. You can expand the text box to add multiple assets at a time. Use any of the following notations:
    • Each target can be separated by either typing a comma or by starting a new line for each asset or range. Acceptable inputs are:
      • 10.0.01
      • 10.0.0.1 - 10.0.0.255
      • 10.0.0.0/24
      • 2001:db8::1
      • 2001:db80 - 2001:db8ffff
      • 2001:db8::/112
      • 2001:db8:85a3:0:0:8a2e:370:7330/124
      • www.example.com
    • IPv6 addresses can be fully compressed, partially uncompressed, or uncompressed. The following are equivalent:
      • 2001:db8::1
      • 2001:db8:0:0:0:0:0:1
      • 2001:0db8:0000:0000:0000:0000:0000:0001
    • If you use CIDR notation for IPv4 addresses (x.x.x.x/24) the Network Identifier (.0) and Network Broadcast Address (.255) will be ignored, and the entire network is scanned:
      • 10.0.0.0/24 will become 10.0.0.1 - 10.0.0.254
      • 10.0.0.0/16 will become 10.0.0.1 - 10.0.255.254
    • You also can import a comma- or new-line-delimited ASCII-text file that lists IP address and host names of assets you want to scan by clicking Choose File or Browse, depending on your browser.
  3. If you don't want to scan certain assets, enter their names or addresses in the Excluded Assets section. You may, for example, want to avoid scanning a specific asset within an IP address range either because it is unnecessary to scan, as with a printer, or it may require a different template or scan window than other assets in the range. The same format notations apply.
  4. Configure any other site settings as desired.
  5. Click Save or Save and Scan, depending on your preference.

Add asset groups

Use this method to scan one or more asset groups that you have previously created based on logical groupings. You can also combine the asset groups with individually specified assets or a range, as described above. You can either scan all the assets with the same Scan Engine or pool, or scan them each with the Scan Engine that was most recently used to scan the asset. To learn more, see the Scan Engines page.

  1. From the InsightVM Home page, open the site configuration screen by clicking the Edit icon for your site.
  2. On the Assets tab, go to the Include Asset Groups field and select the asset group from the dropdown list.
  3. If you don't want to scan certain assets, enter their names or addresses in the Exclude section. You may, for example, want to avoid scanning a specific asset within an IP address range either because it is unnecessary to scan, as with a printer, or it may require a different template or scan window than other assets in the range. The same format notations apply.
  4. Configure any other site settings as desired.
  5. Click Save or Save and Scan, depending on your preference.

Add assets by connection

Use this method to create a site in which the Security Console discovers assets via a connection with a server that manages those assets. Asset membership in a site created this way is subject to change under any of the following conditions:

  • The discovery connection changes
  • Filter criteria for asset discovery change
  • Assets are added to or removed from the environment managed by the connection server

Such sites are ideal for scanning Amazon Web Services (AWS) and virtual assets managed by VMware vCenter or ESX/ESXi. Asset membership in a site is subject to change if the discovery connection changes or if filter criteria for asset discovery change.

For information on different types of discovery connections and best practices see Managing dynamic discovery of assets.