Exclude IP List from being scanned during Discovery Schedule

suvetha3 · ‎08-20-2020

Is there a way to exclude 20+ IP's from being scanned during Discovery other than adding in the "discovery_range_item_exclude" table. We have many discovery schedules and its a tedious process to enter all the 20 IP's in the exclusion list every time. Additionally, we don't want to change Script Include functions of Discovery or customizing Shazzam probes.

Any configurations that can be made in the MID Server will be helpful.

Harshal Gawali · ‎08-21-2020

Hello Suvetha,

Open discovery schedule record and in related list there is option "discovery IP ranges".

Click on IP range record and in related list of IP range record there is option "discovery range item exclude"

Create new record there for which IP range you want to exclude while discovery.

I hope it will help you.

Regards,

Harshal.

Harshal Gawali · ‎08-23-2020

Hello Suvetha,

Did this solve your question or do you need any help?

If solve your question, then Please close the thread as answered by marking appropriate reply as correct and helpful so that this thread can be closed and others can be benefited by this.

Regards,

Harshal.

suvetha3 · ‎08-27-2020

The solution suggested did not gave a permanent fix. As Laurent suggested below will be helpful

"We would like to have something like :

- a global exclusion 'object' that apply to all schedule AND to the quick discovery.

- a warning in the quick discovery to warn if the selected IP is in the exclusion list , and a way to force the discovery (for example to validate the scan no more generates problem on some device after a fix has been made)"

Laurent Dehove · ‎08-26-2020

Hello

we have the same concern as Suvetha regarding exclusion from Discovery.

The previous answers didn't solve our difficulties.

Our context is :

- Orlando version of servicenow

- several schedules executed once each day.

- one or several IP range in each schedule (some ranges are quite large, like /16, /15 or even /14 and /13 )

- Lots of exclusion to do for

- not scan some device because the scan is generating problem on the device

- not scan virtual IP which let discovery think the VIP's IP and name (FQDN) are the device IP.

- not scan some kind of device we don't want to discover at all

- not scan some device that are discovered by other way (like ESX that are discovery trough the vsphere)

Due to the spread of IP in the range, we cannot exclude a range, but have to exclude IP by IP.

The complexity is to find in which schedule (sometimes several) , in which IP range the exclusion have to be defined.

We would like to have something like :

- a global exclusion 'object' that apply to all schedule AND to the quick discovery.

- a warning in the quick discovery to warn if the selected IP is in the exclusion list , and a way to force the discovery (for example to validate the scan no more generates problem on some device after a fix has been made)

- an automatic configuration to add in the exclusionlist the IP from CI in a class ( load balancer services, cluster virtual IP, Virtual IP (custom))

doug_schulze · ‎08-26-2020

Be sure to post your product enhancements on the idea portal, they will get much more visibility there.