Security

Reply
Super Contributor II
Posts: 353
Registered: ‎02-22-2011

Pre-populate Endpoint database with Subnet / Endpoint Scan

Is it possible to combine the actions of the subnet scan and the NMAP plugin to pre-populate the endpoint database without using an Alert on a service policy.

 

It would be great for pre-scanning a network so that you know what device types to include in your role mapping / enforcement profiles. 

Super Contributor II
Posts: 353
Registered: ‎02-22-2011

Re: Pre-populate Endpoint database with Subnet / Endpoint Scan

Also can you force start a subnet scan?

Moderator
Posts: 477
Registered: ‎11-09-2012

Re: Pre-populate Endpoint database with Subnet / Endpoint Scan

Hey Scott,

 

This and a lot of other things will be in 6.5.... you should have your hands on the code in the next few days :-)

 

Does this help you?

 

ClearPass_Policy_Manager_-_Aruba_Networks.jpg

 

 


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Super Contributor II
Posts: 353
Registered: ‎02-22-2011

Re: Pre-populate Endpoint database with Subnet / Endpoint Scan

Hi Danny,

 

Thats great news!

 

Looking forward to 6.5 even more now!

 

Scott

Super Contributor II
Posts: 353
Registered: ‎02-22-2011

Re: Pre-populate Endpoint database with Subnet / Endpoint Scan

One more question, in 6.4, is there any way to validate a scan has taken place? I've set one up and i know there are devices on the subnet i'm scanning but i've returned no results in the endpoint database. 

 

Moderator
Posts: 477
Registered: ‎11-09-2012

Re: Pre-populate Endpoint database with Subnet / Endpoint Scan

Scott,

 

The scan in 6.4 is a snmp scan and the interval is on the cluster-wide settings [default-24-hours, minimum of 6-hours].... we should post a message ot the event-log when this runs from memory....

 

In 6.5 we are adding a lot more scanning options.... again hope some of this helps.....

 

We can add multiple snmp community-strings to check, previously it was only public.... now we can add as many as required and specific their type V2,V2c,V3 etc.

 

We will also 

 

 

 


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Super Contributor II
Posts: 353
Registered: ‎02-22-2011

Re: Pre-populate Endpoint database with Subnet / Endpoint Scan

Thanks Danny!
Search Airheads
Showing results for 
Search instead for 
Did you mean: