IP range polling

Expand all | Collapse all

Kaspersky Next XDR Expert allows you to poll an IP range only by using a distribution point. The distribution point attempts to perform reverse name resolution for every IPv4 address from the specified range to a DNS name, by using standard DNS requests. If this operation succeeds, the distribution point sends an ICMP ECHO REQUEST (the same as the ping command) to the received name. If the device responds, information about it is added to the Kaspersky Next XDR Expert database. The reverse name resolution is necessary to exclude network devices that can have an IP address but are not computers, for example, network printers or routers.

This polling method relies upon a correctly configured local DNS service. It must have a reverse lookup zone. If this zone is not configured, IP subnet polling will yield no results.

Initially, the distribution point gets IP ranges for polling from the network settings of the device assigned as a distribution point. If the device address is 192.168.0.1 and the subnet mask is 255.255.255.0, the network 192.168.0.0/24 is included in the list of polling address automatically. The distribution point polls all addresses from 192.168.0.1 to 192.168.0.254.

If only IP range polling is enabled, the distribution point discovers devices only with IPv4 addresses. If your network includes IPv6 devices, turn on Zeroconf polling of devices.

IP range polling by using a distribution point

To configure IP range polling by using the distribution point:

1. Open the distribution point properties.
2. Go to the IP ranges polling section, and then select the Enable range polling option.

   The IP range window opens.

3. Specify the name of a new IP range.
4. Click Add, and then specify the IP range by using the address and subnet mask, or by using the start and end IP address. You can also add an existing subnet by clicking the Browse button.
5. Click the Set polling schedule button to specify the polling schedule options, if needed.

   Polling starts only according to the specified schedule. A manual start of polling is not available.

   Polling schedule options:

   • Every N days

     The polling runs regularly, with the specified interval in days, starting from the specified date and time.

     By default, the polling runs every day, starting from the current system date and time.

   • Every N minutes

     The polling runs regularly, with the specified interval in minutes, starting from the specified time.

   • By days of week

     The polling runs regularly, on the specified days of week, and at the specified time.

   • Every month on specified days of selected weeks

     The polling runs regularly, on the specified days of each month, and at the specified time.

   • Run missed tasks

     If the Administration Server is switched off or unavailable during the time for which the poll is scheduled, the Administration Server can either start the poll immediately after it is switched on, or wait for the next time for which the poll scheduled.

     If this option is enabled, the Administration Server starts polling immediately after it is switched on.

     If this option is disabled, the Administration Server waits for the next time for which the polling is scheduled.

     By default, this option is disabled.

6. Enable the Use Zeroconf to poll IPv6 networks option, to automatically poll the IPv6 network by using zero-configuration networking (also referred to as Zeroconf).

   In this case, the specified IP ranges are ignored because the distribution point polls the whole network. The Use Zeroconf to poll IPv6 networks option is available if the distribution point runs Linux. To use Zerocong IPv6 polling, you must install the avahi-browse utility on the distribution point.

After the polling is completed, the newly discovered devices are automatically included in the Managed devices group, if you set up and enabled device moving rules. If no moving rules have been enabled, the newly discovered devices are automatically included in the Unassigned devices group.