Create an Auto Query

  • リリースバージョン: Australia
  • 更新日 2026年03月12日
  • 所要時間:8分

    • Create an Auto Query that you can run on demand for different Discovery Console for OT Assets.

    始める前に

    Role required: admin

    手順

    1. Navigate to Assets > Auto Query.
    2. Select the add icon .
    3. For the Identification section, use the automatically provided name or create your own name.
      注:
      If you use an IP address that is already in the system as the new Asset identification, you receive an error message.
      Error message
      Be sure to use an IP address that is not in the system already.
    4. Select Next.
    5. In the Assets section, choose from Assets and Targets.
      The Assets to Query section lists the following choices:
      • Existing Assets
      • New Assets Only
      • Incremental
      • Asset Discovery
      • Asset Discovery & Query
      The default Asset selection is Existing Assets.

      When Existing Assets is selected for a query, the query uses the asset's IP address and Network Zone as its unique identifier. This allows the asset's IP address to exist across multiple Network Zones.


      Existing Assets
    6. From the Targeted Sensors list choose from the following:
      Targets refers to Sensors and Collectors.
      • All Sensors
      • Specific Sensors
      • Auto Targeting
      The default Targets selection is All Sensors. All Sensors uses all available Sensors and Collectors for the query. Specific Sensors uses only the selected Sensor and Collectors for the query. Auto Targeting tries to intelligently assign targets to Sensors and Collectors based on the query. It is designed to help manage complex deployments.
    7. Select Next
    8. In the Filters section, select the filters as needed.
      These filters help with the query selections. Filters include the following categories.
      注:
      Some options in this section are only visible when the Assets selection is set to Existing Assets or Incremental. When the selection is Asset Discovery or Asset Discovery & Query, a few options are disabled.
      • Sites

        Site rules override global behavior when the Site filter is selected. If no site rules matches the Asset, the query skips the Asset.

        注:
        The Console automatically generates a default site. This is in case no Sites have been previously created. You can select the Console-generated site when using the Sites filter to select specific sites.

        Console-generated Site
      • Ports
      • Ethernet Vendors
      • Brands
      • Inbound Protocols
      • Outbound Protocols
      • Network
      • Ignore Networks
        注:
        The Ignore Networks filter allows you to select an IP range or individual IP addresses to ignore during the query.
        Add networks to ignore
      • Hostnames
        The Hostnames filter uses the hostname of the Asset and Targets the Asset based on the specified hostname information. To use this filter, select No Filter (default selection) or one of these options:
        • Empty/Null: Queries Assets where the Hostname field is empty or null.
        • Exact: Matches Assets whose Hostname equals any of the values you add. There is a field to type in a Hostname. All hostnames are included in this query unless you add at least one value.
        • Contains: Matches Assets whose Hostname contains any of the substrings you add. There is a field for adding a value. All hostnames are included in this query unless you add at least one value.

        Hostnames filter
    9. Choose a filter and then select Next.
    10. In the Query Types section, select the applicable query types as needed.
      • A Simplified query is a small list of easy-to-understand queries that should cover most possible scenarios. Most users start with this type of query.
        Simplified query types
        注:
        The simplified Auto Query type Full Page Extraction updates the query to perform a full extraction of your Target landing page. That means, this type of query includes both the screenshot and the HTML information.
      • Advanced query: presents the list of all available auto queries. As some of these queries can be riskier, require more technically complicated to understand, or specific to certain devices; these queries are recommended only for advanced users.
      Advanced Query types
    11. オプション: You can set up the Auto Query scan to include all open ports.
      To do this, select both or either the UDP Port Enumeration and/or TCP Port Enumeration (highlighted in the previous image) from the Advanced Query Types. Each scan determines all open ports for their two respective protocols.
      注:
      For these query types to be available, ensure your ScanScripts.json driver is up to date; if not, upload the latest version of this driver. For information about Query drivers, see Edit the Query Driver on Metadata tab.
    12. Select Next
    13. オプション: In the Classification section, select from the following.

      Classifications
      • Brand based on MAC address: Assigns brand based on MAC address range match.
      • Brand based on OCR words: Attempts to assign brands based on strings extracted by the OC. Fuzzy word search is supported.
      • Console Hostname Look up: Attempts to determine an Asset's hostname based on its IP address.
      • Location: Sets a label and the location field with Site name.
      • Unknown: Marks the Asset brand and category Unknown.
    14. Select Next.
    15. In the Confirmation section, set the schedule, recursion, and duration.

      Confirm and schedule
    16. Select Next.
    17. Select the Create Auto Query button.

    タスクの結果

    The query is added to the Auto Query page.