Performing a discovery run

You can start an immediate discovery or a scheduled discovery run by clicking the Add New Run link from the Manage > Discovery status page. You can perform the following actions for a run:

• Specify the IP address or range to scan during a normal discovery run.

• Specify if you want to perform the scan using a scope, or a registered Outpost. This is available only when you select the Targeting type as IP Address and you have one or more scopes defined or at least two Outposts are installed and registered.

• Specify the cloud provider for performing a cloud scan.

• Schedule a discovery run to occur at any time and for a specified amount of time. For example, you might want to schedule a scan during off hours to avoid the risk of touching critical applications.
• Enable or disable individual scheduled discovery runs.
• Assign a company name to a discovery run.

For immediate runs, you can scan specified addresses or ranges immediately, whether or not a regular discovery run is in progress. The specified addresses or ranges are scanned automatically and as soon as possible. 

The following image illustrates the process flow for a Snapshot or Scheduled run by using the IP Address option:

See this video (07:19) for a demonstration of how you can perform snapshot and scheduled scans for IP addresses and cloud resources:

 https://youtu.be/taftkk5Xnqw

To perform a snapshot discovery run of IP addresses or ranges  

1. On the Manage > Discovery page, click Add New Run.

   

2. Enter the information for the snapshot discovery run in the fields.

   Field name	Details
   Label	Enter a label for the discovery run. Where the discovery run is referred to in the UI, it is this label that is shown.
   Timing	Select the run type, one of: Snapshot — The run is performed immediately. Scheduled — The run is performed according to the scheduling information you enter. For this snapshot scan, select Snapshot.
   Targeting	Select the target for the discovery run. This is one of: IP Address — Enter IP address information. Cloud — Enter cloud provider information. API — Enter API provider information. For this snapshot scan of IP addresses or ranges, select IP Address. For more information on cloud discovery and the supported cloud providers, see Discovering cloud services. For more information on using API providers for discovery and the supported API providers, see Discovering services with API providers.
   Restrict by Organization	This field is available only if you have enabled the Enable Restricted Organizations setting in the Administration > Other Settings UI. For more information, see Configuring discovery settings. Select the organization that you want to use for the scan. The organizations available in the list are limited to those organizations of which the logged-in user is a member. The organization you select impacts the Outposts available in the scope via field. For more information, see Outposts restricted by organizations.
   Range	Select the scope and Outpost to use for the scan. • From the scope list, select the scope. If no scopes are defined, then you can only choose the Default scope. • From the scanner list, select the Outpost to use. The default is Anything suitable, meaning that any one from the list of available Outposts is used. When you select a scope, the scanner list is repopulated with only those Outposts that can scan the scope you selected. Similarly, when you select a particular Outpost, the scope list is repopulated with the scope of the selected Outpost. Enter IP address information in one of the following formats: • IPv4 address (for example 192.168.1.100). Labelled v4. • IPv6 address (for example 2001:500:100:1187:203:baff:fe44:91a0). Labelled v6. • IPv4 range (for example 192.168.1.100-105, 192.168.1.100/24, or 192.168.1.*). Labelled v4. Note Scanning the following address types is not supported: • IPv6 link local addresses (prefix fe80::/64) • IPv6 multicast addresses (prefix ff00::/8) • IPv6 network prefix (for example fda8:7554:2721:a8b3::/64) • IPv4 multicast addresses (224.0.0.0 to 239.255.255.255) • IP addresses using the CIDR /32 suffix (192.168.0.1/32). Remove the suffix (192.168.0.1) As you enter text, the UI divides it into pills (discrete editable units), when you enter a space or a comma. According to the text entered, the pill is formatted to represent one of the previous types or presented as invalid. Pills are not supported in Opera.
   Level	Select one of the following levels: • Sweep Scan—Tries to determine what is at each endpoint in the scan range and attempts to log in to a device to determine the device type. • Full Discovery—Retrieves all default information for hosts, and complete full inference.
   Ping	Select a ping for the discovery run to be performed. This can be: • Use default—Default value to perform the discovery run. • Ping before scanning—Allows ping before scanning • Do not ping before scanning—Does not ping before scanning. This option should be selected for cloud discovery as public IP addresses do not respond to ICMP pings. All cloud scans would be dropped reporting no response.
   Cloud Host Detection	Select whether to perform cloud host detection as part of the scan. Cloud host detection determines the type of cloud (Amazon Web Services, Google Cloud Platform, and so on) on which the target is running. Cloud host detection is an unnecessary step for a scan, for example, if you are scanning hosts on a subnet that you know is not hosted in a cloud. You can disable cloud host detection for individual IP Address scans, which should reduce the time taken for those scans.  To disable cloud host detection, select Disabled.  To enable cloud host detection, select Enabled. This is the default option.
   VMware Guest Scanning	Select whether to discover the guest hosts that are managed by vCenter, even if those hosts are not accessible from the BMC Discovery Outpost you are using.
   Session logging	Choose whether to enable session logging for this scan. Session logging captures raw discovery data that can be used to diagnose discovery and data quality issues. The default is not to capture session logs. You need to capture session logs only when raising a case with Customer Support.
   Company	If you have CMDB synchronization configured with multi-tenancy, select the company to which to assign the discovery run.

3. Click OK.
   The Currently Processing Runs tab is displayed with the new discovery run.

To perform a snapshot cloud discovery run  

1. On the Manage > Discovery page, click Add New Run.
2. In the Timing field, select Snapshot.

3. In the Targeting field, select Cloud.

   

4. Enter the information for the snapshot cloud discovery run in the fields.
   

   Field name	Details
   Label	Enter a label for the discovery run. Where the discovery run is referred to in the UI, it is this label that is shown.
   Timing	Select the run type, one of: Snapshot — The run is performed immediately. Scheduled — The run is performed according to the scheduling information you enter. For this snapshot scan, select Snapshot.
   Targeting	Select the target for the discovery run. This is one of: IP Address — Enter IP address information. Cloud — Enter cloud provider information. API — Enter API provider information. For this cloud scan, select Cloud.
   Restrict by Organization	This field is available only if you have enabled the Enable Restricted Organizations setting in the Administration > Other Settings UI. For more information, see Configuring discovery settings. Select the organization that you want to use for the scan. The organizations available in the list are limited to those organizations of which the logged-in user is a member. The organization you select impacts the Outposts available in the scope via field. For more information, see Outposts restricted by organizations.
   Provider	Select the type of cloud provider such as Amazon Web Services or Microsoft Azure. The dialog refreshes with fields appropriate to the provider selected.
   Alibaba Cloud
   Company	If you have CMDB synchronization configured with multi-tenancy, select the company to which to assign the discovery run.
   Credential	Select the credential to use for the discovery run. The list is populated with valid credentials for the selected provider.
   Regions	Select the region or regions to scan. Click List of regions to scan for full list and select regions from there.
   Session logging	Choose whether to enable session logging for this scan. Session logging captures raw discovery data that can be used to diagnose discovery and data quality issues. The default is not to capture session logs. You need to capture session logs only when raising a case with Customer Support.
   Amazon Web Services
   Company	If you have CMDB synchronization configured with multi-tenancy, select the company to which to assign the discovery run.
   Credential	Select the credential to use for the discovery run. The list is populated with valid credentials for the selected provider.
   Regions	Select the region or regions to scan. Click List of regions to scan for full list and select regions from there. Amazon Web Services (AWS) also provides service and regulatory domain groups to scan, enabling you to select all regions in that service or domain.
   Systems Manager Sessions	Select whether to enable use of the AWS Systems Manager for the scan.
   Sessions Per Second	Select the number of AWS sessions permitted each second. The default value is three.
   Active Sessions	Select the number of active AWS sessions permitted each second. The default value is five.
   Session logging	Choose whether to enable session logging for this scan. Session logging captures raw discovery data that can be used to diagnose discovery and data quality issues. The default is not to capture session logs. You need to capture session logs only when raising a case with Customer Support.
   Google Cloud platform
   Company	If you have CMDB synchronization configured with multi-tenancy, select the company to which to assign the discovery run.
   Credential	Select the credential to use for the discovery run. The list is populated with valid credentials for the selected provider.
   Regions	Select the region or regions to scan. Click List of regions to scan for full list and select regions from there.
   Identity-Aware Proxy Sessions	Select whether to enable use of the Google Cloud platform (GCP) Identity-Aware Proxy for the scan.
   Active Sessions	Select the number of active GCP sessions permitted each second. The default value is 50.
   Session logging	Choose whether to enable session logging for this scan. Session logging captures raw discovery data that can be used to diagnose discovery and data quality issues. The default is not to capture session logs. You need to capture session logs only when raising a case with Customer Support.
   IBM Cloud, Microsoft Azure, and OpenStack
   Company	If you have CMDB synchronization configured with multi-tenancy, select the company to which to assign the discovery run.
   Session logging	Choose whether to enable session logging for this scan. Session logging captures raw discovery data that can be used to diagnose discovery and data quality issues. The default is not to capture session logs. You need to capture session logs only when raising a case with Customer Support.
   Credential	Select the credential to use for the discovery run. The list is populated with valid credentials for the selected provider.
   Regions	Google Cloud platform and IBM Cloud only Select the region or regions to scan. Click List of regions to scan for full list and select regions from there.
   Regulatory Domain	Microsoft Azure only Select the Regulatory Domain to scan from the list.
   URL	OpenStack only The URL for the Keystone Service
   Oracle Cloud Infrastructure
   Company	If you have CMDB synchronization configured with multi-tenancy, select the company to which to assign the discovery run.
   Credential	Select the credential to use for the discovery run. The list is populated with valid credentials for the selected provider.
   Regions	Select the region or regions to scan. Click List of regions to scan for full list and select regions from there.

To perform a snapshot API provider discovery run 

1. On the Manage > Discovery page, click Add New Run.
2. In the Timing field, select Snapshot.

3. In the Targeting field, select API.

   

4. Enter the information for the snapshot API provider discovery run in the fields.

   Field name	Details
   Label	Enter a label for the discovery run. Where the discovery run is referred to in the UI, it is this label that is shown.
   Timing	Select the run type, one of: Snapshot — The run is performed immediately. Scheduled — The run is performed according to the scheduling information you enter. For this snapshot scan, select Snapshot.
   Targeting	Select the target for the discovery run. This is one of: IP Address — Enter IP address information. Cloud — Enter cloud provider information. API — Enter API provider information. For this API provider scan, select API.
   Provider	Specify the type of API provider. Currently, BMC Helix Discovery supports the following providers: Kubernetes/OpenShift Cluster MongoDB Atlas Rancher Managed Kubernetes Clusters
   Restrict by Organization	This field is available only if you have enabled the Enable Restricted Organizations setting in the Administration > Other Settings UI. For more information, see Configuring discovery settings. Select the organization that you want to use for the scan. The organizations available in the list are limited to those organizations of which the logged-in user is a member. The organization you select impacts the Outposts available in the scope via field. For more information, see Outposts restricted by organizations.
   Credential	The list is populated with valid credentials for the selected provider. Select the credential or credentials to use for the discovery run.

5. Click OK to start the run.

To schedule a discovery run

1. On the Manage > Discovery page, click Add New Run. 

2. For the Timing field, select Scheduled.
   The dialog is expanded to display the Frequency, Start, and End menus.

   

3. In the fields provided, enter information for the scheduled scan.

   Field name	Details
   Label	Enter a label for the discovery run. Where the discovery run is referred to in the UI, this label is shown.
   Timing	Select the run type, one of: Snapshot — The run is performed immediately. Scheduled — The run is performed according to the scheduling information you enter. For this scheduled scan, select Scheduled. For information on the scheduling controls, see Scheduling Options in this table.
   Targeting	Select the target for the discovery run. This is one of: IP Address — Enter IP address information. Cloud — Enter cloud provider information. API — Enter API provider information. Enter the details for the discovery run. See the appropriate snapshot run information for details on the information required: IP Address — See To perform a snapshot discovery run of IP addresses or ranges. Cloud — See To perform a snapshot cloud discovery run. API — See To perform a snapshot API provider discovery run.
   Restrict by Organization	This field is available only if you have enabled the Enable Restricted Organizations setting in the Administration > Other Settings UI. For more information, see Configuring discovery settings. Select the organization that you want to use for the scan. The organizations available in the list are limited to those organizations of which the logged-in user is a member. The organization you select impacts the Outposts available in the scope via field. For more information, see Outposts restricted by organizations.
   Range	Select the scope and Outpost to use for the scan. • From the scope list, select the scope. If no scopes are defined, then you can only choose the Default scope. • From the scanner list, select the Outpost to use. The default is Anything suitable, meaning that any one from the list of available Outposts is used. When you select a scope, the scanner list is repopulated with only those Outposts that can scan the scope you selected. Similarly, when you select a particular Outpost, the scope list is repopulated with the scope of the selected Outpost. Enter IP address information in one of the following formats: • IPv4 address (for example 192.168.1.100). Labelled v4. • IPv6 address (for example 2001:500:100:1187:203:baff:fe44:91a0). Labelled v6. • IPv4 range (for example 192.168.1.100-105, 192.168.1.100/24, or 192.168.1.*). Labelled v4. Note Scanning the following address types is not supported: • IPv6 link local addresses (prefix fe80::/64) • IPv6 multicast addresses (prefix ff00::/8) • IPv6 network prefix (for example fda8:7554:2721:a8b3::/64) • IPv4 multicast addresses (224.0.0.0 to 239.255.255.255) • IP addresses using the CIDR /32 suffix (192.168.0.1/32). Remove the suffix (192.168.0.1) As you enter text, the UI divides it into pills (discrete editable units), when you enter a space or a comma. According to the text entered, the pill is formatted to represent one of the previous types or presented as invalid. Pills are not supported in Opera.
   Level	Select one of the following levels: • Sweep Scan—Tries to determine what is at each endpoint in the scan range and attempts to log in to a device to determine the device type. • Full Discovery—Retrieves all default information for hosts, and complete full inference.
   Ping	Select a ping for the discovery run to be performed. This can be: • Use default—Default value to perform the discovery run. • Ping before scanning—Allows ping before scanning • Do not ping before scanning—Does not ping before scanning. This option should be selected for cloud discovery as public IP addresses do not respond to ICMP pings. All cloud scans would be dropped reporting no response.
   Cloud Host Detection	Select whether to perform cloud host detection as part of the scan. Cloud host detection determines the type of cloud (Amazon Web Services, Google Cloud Platform, and so on) on which the target is running. Cloud host detection is an unnecessary step for a scan, for example, if you are scanning hosts on a subnet that you know is not hosted in a cloud. You can disable cloud host detection for individual IP Address scans, which should reduce the time taken for those scans.  To disable cloud host detection, select Disabled.  To enable cloud host detection, select Enabled. This is the default option.
   Session logging	Choose whether to enable session logging for this scan. Session logging captures raw discovery data that can be used to diagnose discovery and data quality issues. The default is not to capture session logs. You need to capture session logs only when raising a case with Customer Support.
   Company	If you have CMDB synchronization configured with multi-tenancy, select the company to which to assign the discovery run.
   Scheduling options
   Public	(Available only for a Scheduled run, where the Targeting type is set to IP Address.) Select this check box to enable TPL patterns to initiate scans on IP addresses in this range. Patterns use the TPL discovery.scan function to scan the IP addresses. The IP address can be scanned by patterns even when the scheduled scan enabled time window is not in force.
   Frequency	Select a frequency for the discovery run to be performed: • Weekly by day of week • Once per week • Monthly by day of month • Monthly by week of month
   Start	Based on the selected scan frequency, different options are available to start scheduled scans. Discovery must be running at this time. • Weekly by days of week—You are provided with buttons for each day and drop-down menus for the start time in hours and minutes. You can select one or more days from the day buttons. The selected buttons appear with a yellow border. • Once per week—Select the day of the week and the start time in hours and minutes. • Monthly by day of month—Select the day of the month and the start time in hours and minutes. • Monthly by week of month—Select the week, the day of the week, and the start time in hours and minutes. For example, to start a scheduled weekly discovery run that starts on Friday at 19:30 hrs and continues until Saturday, do the following: Select the scan frequency as Weekly by days of week. Click the F and S day buttons. From the time drop-down menu, select 19 hours and 30 minutes.
   End	You can end a scheduled scan when it is completed by selecting when completed. Alternatively, use the available option to end the scan which is based on the selected scan frequency. If the duration of the end time expires before the scan has completed, then the scan is suspended until the next scheduled time that the scan occurs. The scan resumes from the point at which it was previously suspended. • Weekly by days of week—Select the end time in hours and minutes. • Once per week—Select the day of the week and time to end the scan. • Monthly by day of month—Select the day of the month and the time to end the scan. • Monthly by week of month—Select the number of days and the time within which the scan must end. For example, to end a scheduled weekly discovery run that starts on Friday at 19:30 hrs and continues until 21 hours 30 minutes on Saturday (see the example for the Start field in the previous row), select 21 hours and 30 minutes from the Time drop-down menu.

4. Click OK.
   The Scheduled Runs tab is displayed with the new scheduled discovery run.
5. (Optional) To add another scan to the page, click Add New Run. 
6. (Optional) To delete an existing scheduled scan, select the entry and click Delete.

To edit an existing scheduled run 

You can edit an existing scheduled run. If the run is in progress, it is automatically canceled when you edit it.

1. From the Scheduled Runs tab of the Discovery Status page, click the scheduled run that you want to edit.
   If the run is currently in progress, it is canceled if you make and apply any changes.
   The dialog displays all the fields described in the previous table, all of which can be edited.
2. Make the required changes and click OK.

To enable or disable a scheduled run 

You can enable or disable scheduled discovery runs in the following ways.

From the Scheduled Runs tab of the Discovery Status page

You can select individual, multiple, or all runs to enable or disable. If the run is in progress, it is canceled if you make and apply any changes.

1. From the Scheduled Runs tab of the Discovery Status page, select the scheduled runs that you want to enable or disable.
   You can select all scheduled runs by using the check box in the header row.
2. Click Enable to enable the runs, or Disable to disable the runs.

Scans enabled in this way do not run until the next scanning window, even if a scanning window is currently open.

From the Edit Scheduled Run dialog

You can edit an existing scheduled run. If the run is in progress, it is automatically canceled when you edit it.

1. From the Scheduled Runs tab of the Discovery Status page, click the scheduled run that you want to edit.
   If the run is currently in progress, it is canceled if you make and apply any changes.
   The dialog displays all of the fields described in the previous table, all of which can be edited.
2. Select or deselect the Enabled check box to enabled or disable the scheduled run.
3. Make any additional changes that you require, and click OK.

Scans enabled in this way run in the current scanning window, if it is open.