After you have configured and registered your Broker VM, you can choose to activate the Network Mapper application.
The Network Mapper allows you to scan your network to detect and identify unmanaged hosts in your environment according to defined IP address ranges. The Network Mapper configurations are used to locate unmanaged assets that appear in the Assets table.
Note
Activating the Network Mapper requires a Cortex XDR Pro per Endpoint or Cortex XDR Pro per GB license.
Select
→ → → .In either the Brokers tab or the Clusters tab, locate your Broker VM.
You can either right-click the Broker VM and select APPS column, and select → .
→ , or hover in theIn the Activate Network Mapper window, define the following parameters:
Scan Method—Select the either ICMP echo or TCP SYN scan method to identify your network hosts. When selecting TCP SYN you can enter single ports and ranges together, for example
80-83, 443
.Scan Requests per Second—Define the maximum number of scan requests you want to send on your network per second. By default, the number of scan requests are defined as 1000.
Note
Each IP address range can receive multiple scan requests based on it's availability.
Scanning Scheduler—Define when you want to run the network mapper scan. You can select either daily, weekly, or monthly at a specific time.
Scanned Ranges—Select from the list of exiting IP address ranges to scan. Make sure to
after each selection.
Note
IP address ranges are displayed according to what you defined as your Network Parameters.
Activate the applet.
After a successful activation, the APPS field displays Network Mapper with a green dot indicating a successful connection.
In the APPS field, hover over the Network Mapper connection to view the following scan and applet metrics:
Scan Details
Connectivity Status—Whether the applet is connected to Cortex XDR .
Scan Status—State of the scan.
Scan Start Time—Timestamp of when the scan started.
Scan Duration—Period of time in minutes and seconds the scan is running.
Scan Progress—How much of the scan has been completed in percentage and IP address ratio.
Detected Hosts—Number of hosts identified from within the IP address ranges.
Scan Rate—Number of IP addresses scanned per second.
Applet Metrics
Resources—Displays the amount of CPU, Memory, and Disk space the applet is using.
Manage the Network Mapper.
After the network mapper has been activated, hover over the Network Mapper connection in the APPS column to display the Network Mapper settings, and select:
Configure to redefine the network mapper configurations.
Scan Now to initiate a scan.
Deactivate to disable the network mapper.