Filtering an Endpoint Discover scan with IP / FQDN

Article ID: 159536

Products

Data Loss Prevention Endpoint Discover

Issue/Introduction

How do I filter an Endpoint scan by IP or FQDN?

Resolution

In V9 to V11, an Endpoint scan can be filtered within the scan target, on the "Scanned Content" tab.

In V12, an Endpoint scan can be filtered within the scan target, on the "Filters" tab.

Specify machine names or IP addresses to define the subset of endpoints on which to run the scan.

  • Machine name and IP filter elements are prefixed with the character ">" to distinguish them from path elements.
  • Machine names are matched against both the WINS name and the FQDN. The wildcards "*" and "?" and the escape character "\" are supported (DOS globbing).
  • IP addresses are specified as networks, e.g. 192.168.32.0/24, 10.0.0.0/8

For example, to scan only machines in the 192.168.20.0/24 network, the include filter should be: >192.168.20.0/24,

To scan more than one machine by IP or machine name, use an include filter like the following:

>WIN-7-X86,>WIN-7-X64 (separate entries with a comma and no space; each entry begins with the ">" sign)

Note: All path elements are OR'ed together, then AND'ed with the OR'ed group of machine names and IP networks.

Note: There is a 1024-character limit on the filter, so using wildcards for FQDNs is highly recommended.

Note: All Endpoint Agents will get a scan request, even if they are filtered out.  The filtered agents will immediately send a notification to the server that the scan is complete.
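
To check which endpoints a filter would leave in scope before saving the scan target, the rules above can be modelled offline. The following Python sketch is an added example, not product code. It assumes case-insensitive name matching, treats a filter with no ">" elements as unrestricted, and uses hypothetical function names and constructed host names throughout.

```python
import ipaddress
import re

MAX_FILTER_LEN = 1024  # character limit stated in the article

def glob_to_regex(pattern):
    """Translate '*', '?' and the '\\' escape into a regex (hypothetical helper)."""
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            i += 1
            out.append(re.escape(pattern[i]))  # escaped character is literal
        elif ch == "*":
            out.append(".*")
        elif ch == "?":
            out.append(".")
        else:
            out.append(re.escape(ch))
        i += 1
    # Assumption: machine names compare case-insensitively.
    return re.compile("".join(out), re.IGNORECASE)

def parse_filter(text):
    """Split an include filter into (path elements, name globs, networks)."""
    if len(text) > MAX_FILTER_LEN:
        raise ValueError(f"filter is {len(text)} chars, limit is {MAX_FILTER_LEN}")
    paths, hosts, nets = [], [], []
    for entry in text.split(","):
        if not entry:
            continue  # tolerate a trailing comma
        if not entry.startswith(">"):
            paths.append(entry)  # path element: kept as-is, not interpreted here
            continue
        value = entry[1:]
        try:
            nets.append(ipaddress.ip_network(value, strict=False))
        except ValueError:
            hosts.append(glob_to_regex(value))  # not a network, so a machine name
    return paths, hosts, nets

def endpoint_in_scope(text, wins_name, fqdn, ip):
    """True if the endpoint matches the OR'ed machine-name / network group."""
    _, hosts, nets = parse_filter(text)
    if not hosts and not nets:
        return True  # assumption: no ">" elements means no machine restriction
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in nets):
        return True
    return any(h.fullmatch(n) for h in hosts for n in (wins_name, fqdn))
```

Running an exported endpoint inventory through `endpoint_in_scope` gives the expected list of agents that should return real results rather than an immediate "scan complete" notification.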