4.1.9. Visibility for external IPs

ON Sensor can discover devices with IP addresses but without an associated MAC address. In this case, we will see how to discover these devices without a MAC address, which are external devices located outside of our network.

1. Navigate to ON CMDB > Networks and configure all the networks with its default gateway configured.

2. Edit the /etc/default/opennac file.

2. Set the following logstash variable to true:

   • LOGSTASH_OUTPUT_MACDISCOVER: This parameter is used to enable the logstash MACDISCOVER polevals.

By enabling discovery for external devices, it allows MAC Discover policy evaluations to be sent to the ON Core. This policy evaluation will attempt to find the associated MAC address for the device, but in this case, it will not be possible.

Note

It is important to have in the Visibility Policy the Discover, UserDeviceProfiling, CheckHostDomain and OpenPorts plugins correctly configured.

It is unnecessary to have all enabled and running for the use case.