Axonius Modbus Scanner - Scan Device
Axonius Modbus Scanner - Scan Device scans Modbus TCP devices and enriches them with metadata fetched by the Axonius Modbus TCP Scanner adapter, for:
- Assets returned by the selected query or assets selected on the relevant asset page.
How the action works:
-
The action scans known IP addresses returned by the query and correlates the discovered Modbus device information.
-
The scanner operates asynchronously and can scan multiple IP addresses concurrently based on the Max Concurrent Devices setting.
-
Discovered devices are correlated with existing assets in Axonius using the combination of IP address, port, and Unit ID.
-
The Inter-Packet Delay setting is particularly important when scanning older industrial control systems that may have limited buffer capacity.
-
IPv4 and IPv6 addresses are both supported.
-
Failed connection attempts are logged, but do not stop the scan from proceeding to other devices.
See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.
Note
- Not all asset types are supported for all Enforcement Actions.
- See Actions supported for Activity Logs, Adapters Fetch History, and Asset Investigation modules.
- See Actions supported for Aggregated Security Findings.
- See Actions supported for Software.
Required Fields
These fields must be configured to run the Enforcement Action.
- Action name - The name of this Enforcement Action. The system sets a default name. You can change the name.
- Configure Dynamic Values (optional) - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.
-
IP Addresses - IP addresses or CIDR notation (for example, 192.168.1.0/24), separated by commas. The scanner will scan these IP ranges to discover Modbus TCP devices.
-
Use stored credentials from the Axonius Modbus TCP Scanner adapter - Select this option to use credentials from the adapter connection. By default, the first connection is selected.
-
When you select this option, the Select Adapter Connection drop-down becomes available. Select the adapter connection to use for this Enforcement Action.
- Note: You must complete the adapter configuration successfully before using a stored connection.
-
Compute Node - The Axonius node to use when connecting to the specified host. For more details, see Working with Axonius Compute Nodes.
Additional Fields
These fields are optional.
-
Port (default: 502) - Modbus TCP port to connect to. The standard Modbus TCP port is 502. Configure this value if your devices use a non-standard port.
-
Connection Timeout (seconds) (default: 5) - Timeout for each connection attempt in seconds. Increase this value for devices on slower networks or decrease it to fail faster on unreachable devices.
-
Unit ID (default: 1) - Modbus Unit ID (slave address) for querying devices. The default value 1 is the most common Unit ID. Consult your device documentation for the correct Unit ID if needed.
-
Max Concurrent Devices (default: 5) - Maximum number of devices queried simultaneously. Lower this value if network resources are constrained or increase it to scan faster on high-bandwidth networks.
-
Max Retries (default: 2) - Maximum number of retries per device if the initial connection attempt fails. Setting this to 0 disables retries.
-
Inter-Packet Delay (ms) (default: 100) - Delay between packets in milliseconds to prevent buffer overflows on operational technology (OT) networks. Increase this value for older or slower industrial devices.
Connection Settings
Connection and CredentialsWhen Use stored credentials from the adapter is toggled off, some of the connection fields below are required to create the connection, while other fields are optional.
- IP Addresses - IP addresses or CIDR notation (for example, 192.168.1.0/24), separated by commas.
- Port - Modbus TCP port (default: 502).
Gateway Name - Select the Gateway through which to connect to perform the action.
Scanner Protocols
Axonius uses the Modbus TCP protocol with Function Code 0x2B (Encapsulated Interface Transport) with MEI Type 0x0E (Read Device Identification) to query device information.
The scanner reads the following device identification objects:
- Basic Identification (Object IDs 0x00-0x02): Vendor Name, Product Code, Major/Minor Revision
- Regular Identification (Object IDs 0x03-0x06): Vendor URL, Product Name, Model Name, User Application Name
This enforcement action uses the pymodbus library for Modbus TCP communication.
Required Ports
Axonius must be able to communicate via the following ports:
- TCP port 502 (default Modbus TCP port, or the custom port specified in the configuration)
Required Permissions
The stored credentials, or those provided in Connection and Credentials, must have the necessary permissions to perform this enforcement action.
Version Matrix
This Enforcement Action was tested only with the versions marked as supported, but may work with other versions. Please contact Axonius Support if you have a version that is not listed and it is not functioning as expected.
| Device Type | Supported | Notes |
|---|---|---|
| Modbus TCP Devices (Generic) | ✓ | Any device supporting Modbus TCP with Read Device Identification (Function Code 0x2B, MEI 0x0E) |
For more details about other enforcement actions available, see Action Library.
Updated about 6 hours ago