Discovery Cycle
  • 24 Feb 2022
  • 3 Minutes to read
  • Dark
    Light
  • PDF

Discovery Cycle

  • Dark
    Light
  • PDF

Axonius runs a periodic automatic global discovery cycle that consists of several phases to pull and correlate the data from all adapters. The global discovery cycle schedule (for example, every 12 hours) is determined based on the system Lifecycle Settings.

You can also manually initiate a new global discovery cycle by clicking Discover Now on the top right corner of any page. The Discover Now button is only visible once one adapter is connected.



The latest global discovery cycle status is displayed in the System Lifecycle dashboard chart. The chart also displays the following details:

  • The number of hours until the next automatic global discovery cycle starts
  • The timestamp of the last global discovery cycle start (whether the cycle was automatic or if was manually initiated by a user)
  • The timestamp of the last global discovery cycle finish (whether the cycle was automatic or if was manually initiated by a user)

image.png

NOTE

Axonius also lets you configure individual discovery cycles for specific adapters and for specific adapter connections.

  • Adapter custom cycle - such cycle will include only the following pages:
    • Fetch devices and users / scanners
    • Clean
    • Correlation
  • Connection custom cycle - such cycle will include only the following pages:
    • Fetch devices and users / scanners
    • Correlation

For more details, see Adapter Discovery Configuration.

Global Discovery Cycle Phases

The global discovery cycle (automatic and manual) consists of several sequenced phases:

  1. Fetch Devices and Users
    • Data is pulled from all adapters connections, except for adapters of vulnerability assessment tools.
    NOTE
    • Adapters configured with a custom cycle are skipped.
    • Adapter connections configured with a custom cycle are skipped.
  2. Fetch Scanners
    • Data is pulled from all adapters connections of vulnerability assessment tools.
    • Devices that have the same IP address and have no other unique identified (no hostname, MAC address, etc.) are correlated together.
    NOTE
    • Adapters configured with a custom cycle are skipped.
    • Adapter connections configured with a custom cycle are skipped.
  3. Clean Devices
    NOTE
    • Adapters configured with a custom cycle are skipped.
  4. Pre-Correlation
  5. Correlation
    • The correlation engine runs and correlates relevant assets together.
  6. Post-Correlation
    • Vulnerabilities details are enriched from NIST National Vulnerabilities Database (NVD)
    • Users-devices associations are created.
      • Last Used Users field is populated on devices with the user names associated with each device.
      • Last Used Users [XXXX] fields (e.g., Last Used Users Email, Last Used Users Departments, and more) are populated based on the user fields and data of the Last Used Users associated with each device.
      • Users assets are enriched with 'Associated Devices'.
      • Later you can query devices based on the associated user name or user department.
    • Preferred fields are recalculated.
    • Reports are generated
    • Enforcements sets scheduled to run in the end of each discovery cycle are executed.
    • Custom enrichment runs.
  7. Save Historical
    • Historical collected data is saved, based on the Historical Snapshot Scheduling Settings.
    • Historical data can be used in the dashboard and in the Devices page and in the Users page to show insights on historical data.
    NOTE
    • If historical snapshot data has been configured to be saved at a specific time and not in the end of a discovery cycle, this phase will be skipped.

What's Next
Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.