How can I view the Discovery blacklist?

Josh Smith · ‎12-15-2021

Hello. I have been fighting with getting consistent, SUCCESSFUL discoveries completed and it seems like there are many issues around classification and identification that are still lingering. With that being said, I have noticed a lot of inconsistencies between my test instances vs production instance in regards to successful network scans. Which has led me to wonder if I have CI's or, even complete networks that have been blacklisted for some reason. Some CI's/Networks are successful in the test instance but not in production, yet there is nothing different between the 2 as far as configuration goes.

This has been very challenging so any help would be very appreciated.

Appli · ‎12-15-2021

Hi, please check MID servers first. Do you use different MID servers (one for Test another - for Prod), if so - are they placed to the same IP segment of the Customer network and if the same IP address ranges / capabilities are specified in those MID servers?

Hope it helps

Josh Smith · ‎12-15-2021

Thank you for your reply. As I said, everything is the same on configuration. Same networks, same capabilities, etc.

Appli · ‎12-15-2021

Thank you! May you please share Ok and NOk discovery logs where the same target IP is being discovered?

Hope it helps

Josh Smith · ‎12-15-2021

Well there are 2 examples and both are different. There are 2 CI's that are skipped as "extra IP's" in production that are added in test just fine. The other example is that the networks are skipped entirely in the discovery process. The IP's are not even attempted in the logs.