You can uncover more on a particular device by searching on its IP address, MAC address, or other valid device identifier. If you search on an IP or MAC that is one of many interfaces on a particular device (e.g., a routing device), Search returns information about the entire device, including any other interfaces and IPs that are a part of it. If Search returns little to no information about a particular IP or MAC address, that indicates that Lumeta encountered the address indirectly (in an SNMP route table, for example) rather than from a direct IP response. This would also be the case if the address was beyond the Stop List or in the Avoid List.

If you search on a child IP (also called a loose IP or alternate IP), the device details are limited to the data associated with that address. You can get a broader set of device details by looking at the parent device of the child IP. To do so, click the Reference IP link in the Device Info tab. This parent IP (also called the reference IP) provides full device details.

As an aside, a handy way to force your 'preferred' reference IP is to use the Internal List. For example, if you use a management network of 10.1.0.0/16 for router management and that is how the routers should be identified on the map, put 10.1.0.0/16 in your Internal List.

The preference order for the reference IP is:

  1. mac
  2. ipv4
  3. internal
  4. trusted
  5. known


Click Show Details to open a tabbed set of views of device details. Then click a tab to see the device details it contains. The available device details tabs are as follows:

  1. Device Info - Identifiers such as device name, IP and MAC address, protocols by which it communicates, method by which Lumeta discovered the device, whether the device was on Lumeta's Known or Target lists, and whether it has any SNMP aliases.
  2. Device Profile - The device type, vendor, and model; also the operating system and version.
  3. Attributes - Any regular or user-defined attributes that have been assigned to the device such as a CIFS name or Autonomous System (AS) name.
  4. Interfaces - The interface name, index, physical address, host IP address, host MAC address, type, alias, port, vLAN, operating system, and administrative status.
  5. Connected Hosts, Layer 3 - Layer 3 network devices that host information resources, services, and applications for users or other nodes on the network.
  6. Leak Response - Indicates the presence of a leak path to or from the Internet (i.e., a "no leak response" message is desirable).
  7. Notifications - Lists the notifications associated with a device.
  8. Alternate IPs - Other IP addresses by which the device is addressed or otherwise associated with the device. These are the non-reference IPs: the addresses to which the device has not been consolidated.
  9. WMI Services - Displays details on all WMI services running on a device. See WMI Discovery & Profiling for more.
  10. Cisco pxGrid - Displays session data for pxGrid IPs. See Cisco pxGrid for more.
  11. FireMon - The risk score, asset values and other device details associated with SIP-managed devices. See FireMon Management Dashboard and FireMon Security Manager for more.
  12. Cloud - Displays device details on a cloud instance. See Cloud Device Details for more.

