topic XSIAM Assets / Network Mapper - How to identify unknown assets in Cortex XSIAM Discussions https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/xsiam-assets-network-mapper-how-to-identify-unknown-assets/m-p/995608#M121 <P>We configured network mapper in the BrokerVM settings and using multiple ports for network identification. Of course, on the firewalls we allow all traffic from them to make a full visibility internally. However, the scan doesn't resolve the hostname or open ports on the machine that can support with OS identification, like 22/ssh - potential Linux etc. Sometimes with manual scan using nmap we can see much more open ports and zero return from mapper.<BR /><BR />Using network mapper, possible to resolve FQDN of the machine like with nmap ARP scan? How possible to identify or which process is the best to identify unknown assets in the network?</P> Thu, 28 Nov 2024 09:31:14 GMT MDovirak 2024-11-28T09:31:14Z XSIAM Assets / Network Mapper - How to identify unknown assets https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/xsiam-assets-network-mapper-how-to-identify-unknown-assets/m-p/995608#M121 <P>We configured network mapper in the BrokerVM settings and using multiple ports for network identification. Of course, on the firewalls we allow all traffic from them to make a full visibility internally. However, the scan doesn't resolve the hostname or open ports on the machine that can support with OS identification, like 22/ssh - potential Linux etc. Sometimes with manual scan using nmap we can see much more open ports and zero return from mapper.<BR /><BR />Using network mapper, possible to resolve FQDN of the machine like with nmap ARP scan? How possible to identify or which process is the best to identify unknown assets in the network?</P> Thu, 28 Nov 2024 09:31:14 GMT https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/xsiam-assets-network-mapper-how-to-identify-unknown-assets/m-p/995608#M121 MDovirak 2024-11-28T09:31:14Z Re: XSIAM Assets / Network Mapper - How to identify unknown assets https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/xsiam-assets-network-mapper-how-to-identify-unknown-assets/m-p/999750#M129 <P>Hi MDovirak,</P> <P>&nbsp;</P> <P>The Broker VM Network Mapper is only using a ping scan to identify interfaces on the network.&nbsp; It is not doing nmap or any other method that would allow more detailed discovery.&nbsp; You can ingest DHCP logs from <A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XSIAM/Cortex-XSIAM-Documentation/Ingest-logs-from-Windows-DHCP-using-Elasticsearch-Filebeat?tocId=GLiluNJ6nH13UESGRFEDpA" target="_self">Microsoft DHCP</A> to provide additional enrichment of hostname for discovered IP addresses.</P> Fri, 27 Dec 2024 15:53:41 GMT https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/xsiam-assets-network-mapper-how-to-identify-unknown-assets/m-p/999750#M129 afurze 2024-12-27T15:53:41Z