Actions and Discovered Assets
When you configure a discovery rule, you must select an action for the rule. The effect of that action depends on whether you are using the rule to discover data from a managed device or from a NetFlow exporter.
The following table describes what assets are discovered by rules with the specified action settings in those two scenarios.
Action |
Option |
Managed Device |
NetFlow Exporter |
---|---|---|---|
Exclude |
-- |
Excludes the specified network from monitoring. If the source or destination host for a connection is excluded from discovery, the connection is recorded but discovery events are not created for excluded hosts. |
Excludes the specified network from monitoring. If the source or destination host for a connection is excluded from discovery, the connection is recorded but discovery events are not created for excluded hosts. |
Discover |
Hosts |
Adds hosts to the network map based on discovery events. (Optional, unless user discovery is enabled, then required.) |
Adds hosts to the network map and logs connections based on NetFlow records. (Required) |
Discover |
Applications |
Adds applications to the network map based on application detectors. Note that you cannot discover hosts or users in a rule without also discovering applications. (Required) |
Adds application protocols to the network map based on NetFlow records and the port-application protocol correlation in
|
Discover |
Users |
Adds users to the users table and logs user activity based on traffic-based detection on the user protocols configured in the network discovery policy. (Optional) |
n/a |
Log NetFlow Connections |
-- |
n/a |
Logs NetFlow connections only. Does not discover hosts or applications. |
If you want the rule to monitor managed device traffic, application logging is required. If you want the rule to monitor users, host logging is required. If you want the rule to monitor exported NetFlow records, you cannot configure it to log users, and logging applications is optional.
Note | The system detects connections in exported NetFlow records based on the Action settings in the network discovery policy. The system detects connections in managed device traffic based on access control policy settings. |