Managing Augmentation Methods

Collectors perform active scans (Discover and Subnet) on the network to detect devices and to collect data related to those devices. To enhance the data collected for the detected devices, collectors use augmentation methods associated with the segments where the devices are detected. Augmentation methods enable the collectors to collect additional device attributes, which assist with device classification. Collectors can use these types of augmentation methods:

SNMP

Simple Network Management Protocol (SNMP) is an Internet standard protocol for collecting information on networks. Devices that typically support SNMP include cable modems, routers, switches, printers, and so on.

Collectors send an SNMP message to the device to retrieve the network device information.

Device data collected from the SNMP augmentation method includes:

WMI

Windows Management Instrumentation (WMI) is a set of specifications from Microsoft for consolidating the management of devices and applications in a network from Windows computing systems.

Collectors use the WMI augmentation method to collect additional device data on Windows devices and servers.

Device data collected from the WMI augmentation method includes:

  • IP address
  • MAC address
  • Operating system information
  • Host name
  • Services
  • Process
  • Username
  • Open ports
  • Application information

SSH

Collectors try to retrieve the following information for a device if port 22 is open on the device and Secure Shell (SSH) is configured:

  • MAC address
  • Device name
  • IP address
  • Host name from Mac/Linux devices

NMAP

Network Mapper (NMAP) is a free, open-source tool for network discovery. Collectors use NMAP to identify devices and to find the open ports on the device.

Device data collected from the NMAP augmentation method includes:

  • Open ports
  • Application information running behind those ports

For more information, see: