‎12-18-2018 12:05 PM
Hi Everyone!
I'm trying to figure out how to run discovery on AWS. Right now, I have an EC2 instance with a MID server on it and another EC2 instance that is just a plain Windows 2012 server. Both servers are on the same subnet. The MID server appears to be properly linked to my ServiceNow instance.
I've tried to do Quick Discovery using the MID server and both the public & private IPs of the Windows 2012 EC2 instance. Every time I try, it completes and Shazzam logs a warning saying "[ip of destination server is here] is not a reachable host (no response to target ports scanned by MID)."
I am not really sure what to do. I just want to set up some screenshots of what discovery can do for presentation purposes. Do I need to run something on the Windows 2012 instance? Do I need to open up certain ports? I tried adding my AWS credentials in the Discovery>Credentials module.
Any advice on what my next steps should be?
Thanks in advance!

‎12-18-2018 12:19 PM
Hi - if you are simply trying to use your Windows MID server (within AWS) to discover other IPs in the AWS subnet, be sure to enable the AWS security groups (SG) to allow IP comm between MID and targets. By default AWS isn't going to allow traffic to flow, even on subnets you've defined in your VPC.
Example: on my AWS lab playground, I defined a Security Group that allows all internal (private IPs) to talk to each other, on any port. Of course you can restrict it more, but for a lab test I've allowed all local private subnets and ports to freely communicate. Note - not PUBLIC IPs... just private subnets defined within the VPC. By allowing all private IPs & ports to communicate, it reduces some of the hassle in a lab setting but of course, in a real-world scenario you'd want to be much more restrictive.
You can see in the screenshot other SG rules too, but for what you've described, a single SG might suffice?
Note: This is NOT Discovering Cloud resources via cloud-based discovery. Rather, this example is just empowering traditional horizontal-based discovery, but within the context of AWS cloud-based subnets...
Does this help?
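
An added example, not part of the posts above: a small offline check of security group ingress rules, in the `IpPermissions` shape that `aws ec2 describe-security-groups` returns, showing which probe ports a MID server's private IP can reach and which rules accept sources outside private address space. The IPs, CIDRs and port numbers are constructed assumptions; substitute the ports your discovery setup actually scans.

```python
import ipaddress

# Constructed sample rules (IpPermissions shape); all values are made up.
LAB_OPEN = [  # lab-style rule: every private VPC address, every port
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
]
RESTRICTED = [  # tighter rule: only the MID server, only one TCP port
    {"IpProtocol": "tcp", "FromPort": 135, "ToPort": 135,
     "IpRanges": [{"CidrIp": "10.0.1.10/32"}]},
]
PUBLIC_RDP = [  # rule a review should flag: source is the whole internet
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def rule_allows(rule, src_ip, port, proto="tcp"):
    """True if one ingress rule admits proto/port from src_ip.
    Only CIDR sources are evaluated; SG-to-SG references are ignored."""
    if rule["IpProtocol"] not in ("-1", proto):
        return False
    if rule["IpProtocol"] != "-1":  # "-1" means all protocols and ports
        if not rule["FromPort"] <= port <= rule["ToPort"]:
            return False
    src = ipaddress.ip_address(src_ip)
    return any(src in ipaddress.ip_network(r["CidrIp"])
               for r in rule.get("IpRanges", []))


def reachable_ports(rules, src_ip, ports):
    """Ports from `ports` that at least one rule opens to src_ip."""
    return [p for p in ports if any(rule_allows(r, src_ip, p) for r in rules)]


def public_rules(rules):
    """Rules with a source range that is not inside RFC 1918 space."""
    def internal(cidr):
        net = ipaddress.ip_network(cidr)
        return any(net.subnet_of(p) for p in RFC1918)
    return [r for r in rules
            if any(not internal(x["CidrIp"]) for x in r.get("IpRanges", []))]


if __name__ == "__main__":
    mid, ports = "10.0.1.10", [135, 445, 5985]  # assumed MID IP and ports
    print("lab-open  :", reachable_ports(LAB_OPEN, mid, ports))
    print("restricted:", reachable_ports(RESTRICTED, mid, ports))
    print("no rules  :", reachable_ports([], mid, ports))
    print("flagged   :", public_rules(LAB_OPEN + RESTRICTED + PUBLIC_RDP))
```

An empty rule list returns no reachable ports, which is the default-deny condition behind the "not a reachable host" warning in the question.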

‎12-20-2018 08:49 AM
Hi - Did setting up Security Groups in AWS help? If you open up all the private IPs & ports, it should allow all internal communication to flow from MID to targets...
If this helped your issue, please acknowledge this by clicking Helpful -- this encourages community participation and helps others with similar issues to find possible solutions. Thanks!