Nmap import found unmanaged assets

Usage and Config
1

(imported topic written by JRigas)

Hey everyone,

I have a couple questions about the nmap tool in Bigfix.

I ran a scan on a subnetwork (e.g. 10.10.10.0/24) and can see in the nmap xml file it found serveral assets.

Now, the assets don’t seem to appear in the unmanaged assets tab in the console and I was wondering if I can run the import task manually? If so, how?

Second question is: If I run a scan right after another scan has completed, will the import task still run?

I also was wondering what the “set archiver intervalseconds=xxxx” (or something like that) in the log file of the client means when the importer is running?

Thanks in advance!

2

(imported comment written by BenKus)

Hi Jani,

Assets that have the agent already installed are skipped during the import…

Ben

3

(imported comment written by JRigas)

Thanks for the reply.

Yes, I know, I did a scan on a subnetwork where no agents are installed.

4

(imported comment written by will.ware91)

I am having the same problem.

I deleted a list of unmanaged assets (I believe with the option that states that they will return if rediscovered) because they seemed to be outdated. The last scan time was months ago on many of the discovered machines and I just wanted a fresh list of data.

Nothing is appearing in the unmanaged asset tab now after I run nmap scans in the particular subnets multiple times.

I have installed the Nmap Asset Discovery Import Service through the wizard and have NMAP running every 2 hours just to try and collect data to import into the unmanaged asset list.

How can you tell bigfix not to skip over assets even if they’ve been discovered before? Or is there something else I may be doing wrong?

Thanks!

-Will

5

(imported comment written by kevin_friedheim)

Hi guys,

Q: can run the import task manually? If so, how?

A: I answered this here (http://forum.bigfix.com/viewtopic.php?id=9263)

Q: If I run a scan right after another scan has completed, will the import task still run?

A: Yes, the scans will all be consumed.

Q:what the “set archiver intervalseconds=xxxx” (or something like that) in the log file of the client means when the importer is running?

A: Basically, it resets the interval at which stuff gets uploaded from the client (endpoint) to the server – in this case, we want the scan file to be uploaded right away via the Archive Manager (source: http://support.bigfix.com/product/documents/Upload_Manager_70_090602.pdf).

Q: How can you tell bigfix not to skip over assets even if they’ve been discovered before? Or is there something else I may be doing wrong?

A: Here are some useful and informative links on how it all works and what steps you can take to configure…

http://support.bigfix.com/cgi-bin/kbdirect.pl?id=1623

http://support.bigfix.com/cgi-bin/kbdirect.pl?id=1624

Finally, I think both of you are seeing a very troublesome issue that has been around for some time - that is, if you have a firewall on the endpoint, nmap returns results to the Unmanaged Asset Importer Tool that look as though a TEM Agent is installed on the endpoint (e.g. Port 52311 is showing up as Open/Filtered).

If you wanted, you could set the registry key filteroutclients to 0 under HKLM\SOFTWARE\BigFix\Enterprise Server\AssetDiscovery\NMAP - this will tell the Unmanaged Asset Importer to show clients that have the TEM Agent installed and reporting in addition to those that are not (thus getting around the firewall issue). See http://forum.bigfix.com/viewtopic.php?id=1357 for another possible work around.