Discovery Cycle
  • 29 Oct 2023
  • 3 Minutes to read
  • Dark
  • PDF

Discovery Cycle

  • Dark
  • PDF

Article Summary

Axonius runs a periodic automatic global discovery cycle that consists of several phases to pull and correlate the data from all adapters. The global discovery cycle schedule (for example, every 12 hours) is determined based on the system Lifecycle Settings.

You can also manually initiate a new global discovery cycle by clicking Discover Now on the top right corner of any page. The Discover Now button is only visible once one adapter is connected.

The latest global discovery cycle status is displayed in the System Lifecycle chart. The chart also displays the following details:

  • The number of hours until the next automatic discovery cycle starts.
  • The last discovery cycle's start and end timestamps.
  • The duration of the cycle.



Axonius also lets you configure individual discovery cycles for specific adapters and for specific adapter connections.

  • Adapter custom cycle - this cycle includes only the following phases:
    • Fetch assets / scanners
    • Clean
    • Correlation
  • Connection custom cycle - this cycle will include only the following phases:
    • Fetch assets / scanners

For more details, see Adapter Discovery Configuration.

Global Discovery Cycle Phases

The global discovery cycle (automatic and manual) consists of several sequenced phases:

  1. Fetch Assets

    • Data is pulled from all adapter connections, except for adapters of vulnerability assessment tools.
    • Adapters configured with a custom cycle are skipped.
    • Adapter connections configured with a custom cycle are skipped.
  2. Fetch Scanners

    • Data is pulled from all adapter connections of vulnerability assessment tools.
    • Devices that have the same IP address and have no other unique identifier (no hostname, MAC address, etc.) are correlated together.
    • Adapters configured with a custom cycle are skipped.
    • Adapter connections configured with a custom cycle are skipped.
  3. Clean Devices and other assets

  4. Pre-Correlation

  5. Correlation

    • The correlation engine runs and correlates relevant assets together.
  6. Post-Correlation

    • Vulnerabilities details are enriched from the vulnerability enrichments such as NIST National Vulnerabilities Database (NVD), CISA, EPSS (Exploit Prediction Scoring System) etc.
    • Users-device associations are created.
      • Last Used Users field is populated on devices with the user names associated with each device.
      • Last Used Users [XXXX] fields (for example, Last Used Users Email, Last Used Users Departments, and more) are populated based on the user fields and data of the Last Used Users associated with each device.
      • User assets are enriched with 'Associated Devices'.
      • Later you can query devices based on the associated user name or user department.
    • Preferred fields are recalculated.
    • Custom enrichment runs.
    • Enforcement sets scheduled to run at the end of each discovery cycle are executed.
    • Enforcement sets whose scheduled start times fell on the time that the discovery cycle was already running, but have the Wait until cycle ends option enabled, are executed now.
    • Reports are generated.
  7. Save Historical

    • Historical collected data is saved, based on the Historical Snapshot Scheduling Settings.
    • Historical data can be used in the dashboard, in the asset pages, and in the Users page to show insights on historical data.
    • If historical snapshot data has been configured to be saved at a specific time and not at the end of a discovery cycle, this phase is skipped.

Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.