Skip to main content

Configuring discovery templates

Discovery templates are used to apply configuration settings for new target systems that are created from discovered server and workstation objects. The target systems are created when the servers or workstations become managed systems, either manually via the Manage the system > Resources > Discovered objects menu, or via target system import rules during auto discovery .

Default templates

Bravura Security Fabric includes the following default discovery templates:

  • NT_TEMPLATE – This template creates a target system using the (agtnt) connector for Windows servers and workstations. It creates a target system that is a source of profile IDs, and will automatically discover administrative and service accounts during auto discovery .

    You can apply this template for systems discovered on an Active Directory domain.

  • LWS_NT_TEMPLATE This template creates a target system using the (agtnt) connector for Windows servers and workstations. It creates a target system that is not a source of profile IDs and does not automatically discover administrative and service accounts during auto discovery .

    It is recommended that you apply this template for workstations on which the Local Workstation Service has been installed. Used only with a full Bravura Privilege license.

  • CISCO_IOS_SSH_TEMPLATE – This template creates a target system for Cisco IOS networking equipment using a PSLang script, agtcisco-ios.psl and a scripted platform definition file, agtcisco-ios-ssh.con to call the agtssh connector. It creates a target system that is not a source of profile IDs and does not automatically discover administrative accounts during auto discovery .

  • CISCO_IOS_TELNET_TEMPLATE – This template creates a target system for Cisco IOS networking equipment using a PSLang script, agtcisco-ios.psl and a scripted platform definition file, agtcisco-ios-telnet.con to call the agttelnet connector. It creates a target system that is not a source of profile IDs and does not automatically discover administrative accounts during auto discovery .

    A placeholder hostname value is provided in the Cisco IOS discovery templates. This needs to be replaced with a valid target system internal hostname for a Cisco IOS discovered system to be properly managed.

Adding a discovery template

To add a discovery template:

  1. Click Manage the System > Resources > Target systems > Discovery templates.

  2. Click Add new… .

  3. Configure the Target system information for the template:

    • The discovery template’s ID will be used to specify which template a discovered system will use to specify its target system settings.

    • Depending on the chosen Type, the Description and Address may be populated with example text. Review these settings before accepting them.

    • The Description and Address can be set automatically using a PSLang expression based on <accattr>s discovered during auto discovery . These discovered values are stored in SQLite .db files, located in the <instance> \ psconfig directory.

      For example, the default NT_TEMPLATE has its Address set to:

      "\\\\"+$comp["dNSHostName"][0]

      You can also target systems using the system IP address; for example:

      "\\\\"+$comp["ip"][0]

      or

      "\\\\"+$comp["ip"][1]

      depending on whether detected systems have multiple IP address, and which address is chosen.

    • The List of proxies to run connectors on can also be set automatically using a PSLang expression. For example, to copy the proxy address from the source target system, use the following expression:

      $comp["sourceProxy"][0]

  4. Optionally, configure the administrator credentials. This is useful if you plan to use the same password for all subsequently discovered workstations.

    Note that the ID is set by a PSLang expression, so a literal string must be enclosed in quotes; for example "Administrator" . Discovered target systems that have the adminid <accattr> can also use adminid to configure the administrator credentials.

    See also Defining connection methods for details about how target system template credentials are used in managing discovered resources.

  5. Optionally, configure the Discovery options to select what you want to list from discovered systems. This step is required if the discovery template is to be used with import rules .

    By default, all discovery options for a template are enabled, if the target type supports discovery options.

The target system IDs of discovered systems are set using the computerUUID attribute that is set for them. Push mode discovered systems have this attribute set to the objectGUID attribute if the systems are imported. Local service mode discovered systems have this attribute set to the system’s virtualdnshostname attribute unless specified during installation.

If a Local Workstation Service is discovered to be using an ID that has already been discovered, the conflict will be detected and the new service will be shut down. If you are reinstalling a Local Workstation Service, you must specify the reinstall flag.

Updating a discovery template

After you have managed systems using a discovery template, you can still update the configuration settings of the discovery template and propagate the settings to the existing systems, as well as any systems added in the future.

To update a discovery template:

  1. Click Manage the System > Resources > Target systems > Discovery templates.

  2. Select the discovery template you want to update.

  3. Configure the settings in Target system information or Discovery options as desired.

  4. Set Allow changes propagated to imported discovered system using this template to:

    • Yes - To propagate the changes to all existing and future systems that uses this discovery template, or,

    • No - To only propagate the changes to future systems that will use this discovery template.

  5. Click Update.

In this section: