-
Notifications
You must be signed in to change notification settings - Fork 0
N Central Asset Scans
N-Central has three types of asset scans that are sued to update data associated to that device in the UI.
Simple Scan - Run on agent startup
Scheduled (Daily) Asset Scan - A Recurring scan that is configured on a device. By default this is set to a similar timing to when the agent was installed on the device (+/- 15min?), but can be manually adjsuted per device.
Discovery Asset Scan - A scan performed against an ip address as part of a discovery job, and normally used for agentless devices. If there is a device associated to that ip address, then it should receive an updating of asset data.
Each of these scans differs in the data that they will gather and update. The Windows Agent startup scan does not pull in as much data as the scheduled asset scan covers some basic points. For a more detailed understanding:
Simple Scan: When a simple scan is performed, it detects the current logged in user, checks if a reboot is needed, pulls + validates the asset tag from WMI, Registry and NcentralAsset.xml. It then goes on to detect if Chrome is installed and evaluate the Chrome profile too.
Full Scan: With the full scan it first checks if snmp is enabled for the device in N-central. If that is the case, then it will perform a local SNMP discovery. With this it determines the hardware information like MAC address, CPU info, Hard Disk, Physical Memory information, SNMP interface data, etc.
It then goes on to determine:
- Device Name
- Primary IP and/or FQDN
- Storage Volume metadata
- Physical Memory
- Media Access Device(s)
- Installed services
- Operating System - ReportedOS, CSDVersion, ServicePackMajor, ServicePackMinor, SerialNumber, Version, OSType, OSArchitecture, OperatingSystemSKU, OSProductSuite, OtherTypeDescription, SuiteMask, LastBootUpTime, TimeSystemUp, LicenseKey, LicenseType, InstallDate, Publisher, WProductType
- Interface - ifIndex, InterfacePort, InterfaceTypeID, ifAlias, ifSpeed
- MIBOID
- Cucmdiscovery
- PhyEntity - Index, Model, Serialnumber, Manufacturer
- snmpdiscoveryresult - version, community, userName, contextName, authType, authPassword, encryptionType, encryptionPassword, timeout, retry, port NetworkAdapterConfig - MACAddress, IPAddresses, AdapterType, Description, HostName, Gateway, DNSServer, DHCPServer
- NetworkAdapter - MACAddress, AdapterID, Description, WakeOnLan, SpeedMb, AdapterType, Manufacturer, PNPDeviceID
- ComputerSystem - NetbiosName, Domain, TotalPhysicalMemory, Version, Manufacturer, Model, SerialNumber, wirelessmanagementstate, SystemType, PopulatedMemory_Slots, TotalMemory_Slots, ChassisType, UUID, Timezone, productnumber
Now with the SNMP discovery complete, it performs a WMI scan, pulling from:
- Win32NetworkAdapter
- Win32NetworkAdapterConfiguration
- Win32ComputerSystem
- Win32OperatingSystem - OS Version then Full
- Win32ComputerSystemProduct
- Win32DiskDrive
- Win32CDROMDrive
- Win32PhysicalMedia
- Win32LogicalDisk
- Win32VideoController
- Win32Processor
- Win32Service
- Win32NetWorkConnection
- Win32PageFile
- Win32Share
- Win32Battery
- Win32SystemEnclosure
- Win32PhysicalMemory
- Win32PhysicalMemoryArray
- Win32BaseBoard
- Win32USBController
- Win32Printer
- Win32QuickFixEngineering
- SoftwareLicensingProduct
- Win32BIOS
- Win32ServerFeature
- Win32Environment
- MSVMComputersystem
- Win32ApplicationPool
- Win32WebService
- Win32Smart
- Win32WebServiceCache
- Win32Ftp
- Win32MicrosoftFtp
- Win32DHCP
- Win32DNS
- Win32NLB
- Win32PerfLogicalDisk
- Win32ClusterGroup
- Win32ClusterNetworkInterface
- Win32ClusterNetwork
- Win32ClusterNodes
- Win32ClockDrift
- Win32ExchangeDatabaseName
- Win32ExchangeDatabaseInstance
- MSLync
- MSSharePoint
- FSecure
- MSSystemInfomration
Then pull information from the registry:
- LicenseInfo
- Uninstall - installed apps
- DotNetDWORD
- InternetExplorerVersion
- InternetExplorerNewerVersion
- UninstallAllUsers
- PowerShellVersion3
It then goes on to process this information and then pass this back to N-central.