Discovery run types
There are three types of discovery run:
- Open: a one-shot, dynamically extendable list of endpoints
- Snapshot: a one-shot, fixed list of endpoints
- Scheduled: a repeating, fixed list of endpoints
Open discovery run
An open discovery run is a one-shot, extendable list of endpoints to scan. When an open discovery run is created, the scan starts immediately. Unlike snapshot and scheduled discovery runs, an open discovery run can be extended with additional endpoints.
It is possible to add any number of endpoints to an open discovery run until midnight (appliance local time) on the same day the open discovery run was created.
Adding endpoints after midnight creates a new open discovery run. An open discovery run is completed when all the endpoints it contains have been scanned and the time is after midnight. Open discovery runs remove the need for Discovery to have a large number of small snapshot scans. You can create open discovery runs using the TPL function discovery.scan.
Snapshot discovery run
A snapshot discovery run is a one-shot, non-editable list of endpoints to scan. The scan starts immediately and runs to completion. You can create snapshot discovery runs using the UI, tw_scan_control, or the external REST API.
Scheduled discovery run
A scheduled discovery run is a scheduled, repeating list of endpoints to scan. The schedule and endpoints may be modified, though this cancels any associated active discovery run. A scan starts at the time given in the schedule. If the run completes within the scheduled time, the run waits for the next schedule window to start again. If the run fails to complete within the scheduled time, the run continues from where it stopped at the next schedule window. If all of the remaining endpoints have started scanning, and there is sufficient time in the schedule, a new discovery run will start. Thus it is possible to have multiple active discovery runs associated with a scheduled discovery run.
Scheduled discovery runs can be created using the UI or tw_scan_control.