Introduction
Starting with Open-AudIT 2.3.2 we have introduced sets of preconfigured options for running the discovery scan using Nmap.
How Does it Work?
When a discovery ius run, the relevant discovery scan option is chosen and those settings used by Nmap to scan the target devices. If no option set is chosen, the default configuration item (discovery_default_scan_option) is selected and used.
If a device is individually discovered using the "Discover Device" link on the device details page, we first check if this device has been discovered previously (by Discoverey) and if so, use the discovery options from that scan. If it has not been previously discovered, we revert to the configuration item discovery_default_scan_option the settings.
Creating a Discovery Scan Options entry
Discovery Scan Options are just another item collection. Enterprise users can create, read, update and delete entries as required. Professional users can read all entries, but not create new entries, update existing entries or delete entries. Community users have no GUI that allows access to this collection.
Roles contain the definitions for users that are allowed to CRUD these items (regardless of license). Just like Baselines, for example.
Database Schema
CREATE TABLE `discovery_scan_options` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`name` varchar(100) NOT NULL DEFAULT '',
`org_id` int(10) unsigned NOT NULL DEFAULT '1',
`description` text NOT NULL,
`ping` enum('','y','n') NOT NULL DEFAULT 'y',
`service_version` enum('','y','n') NOT NULL DEFAULT 'n',
`filtered` enum('','y','n') NOT NULL DEFAULT 'n',
`timeout` int(10) unsigned NOT NULL DEFAULT '0',
`timing` int(1) unsigned NOT NULL DEFAULT 4,
`nmap_tcp_ports` int(10) unsigned NOT NULL DEFAULT '0',
`nmap_udp_ports` int(10) unsigned NOT NULL DEFAULT '0',
`tcp_ports` text NOT NULL,
`udp_ports` text NOT NULL,
`exclude_tcp_ports` text NOT NULL,
`exclude_udp_ports` text NOT NULL,
`exclude_ip` text NOT NULL,
`ssh_ports` text NOT NULL,
`options` text NOT NULL,
`edited_by` varchar(200) NOT NULL DEFAULT '',
`edited_date` datetime NOT NULL DEFAULT '2000-01-01 00:00:00',
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
API / Web Access
You can access the /discovery_scan_options collection using the normal Open-AudIT JSON based API. Just like any other collection. Please see the API documentation for further details.
Access is provided as part of a roles permissions. Discovery Scan Options is a standard resource and can have create, read, update and delete permissions (by Enbterprise licensed customers).
The API routes below are usable from both a JSON Restful API and the web interface. The Web application routes are specifically designed to be called from the web interface (a browser).
API Routes
Request Method | ID | Action | Resulting Function | Permission Required | URL Example | Notes |
|---|---|---|---|---|---|---|
| POST | n | create | discovery_scan_options::create | /discovery_scan_options | Insert a new discovery_scan_options entry. | |
| GET | y | read | discovery_scan_options::read | /discovery_scan_options/{id} | Returns a discovery_scan_options details. | |
| PATCH | y | update | discovery_scan_options::update | /discovery_scan_options/{id} | Update an attribute of a discovery_scan_options entry. | |
| DELETE | y | delete | discovery_scan_options::delete | /discovery_scan_options/{id} | Delete a discovery_scan_options entry. | |
| GET | n | collection | discovery_scan_options::read | /discovery_scan_options | Returns a list of discovery_scan_options. |
Web Application Routes
Request Method | ID | Action | Resulting Function | Permission Required | URL Example | Notes |
|---|---|---|---|---|---|---|
| GET | n | create | create_form | discovery_scan_options::create | /discovery_scan_options/create | Displays a standard web form for submission to POST /discovery_scan_options. |