Network Discovery
Overview
⚠️ Subscription
Network Discovery is available exclusively with the Enterprise plan and requires an Advanced Agent (version 1.5.0 or higher). See Plans →
Network Discovery allows an Advanced Agent to automatically scan the network it is deployed in, detect active hosts, identify open ports, and report the results back to the platform. You can then create sensors from the discovered resources in a single click — turning a full network inventory into active monitoring in minutes.
How it works
- You launch a discovery from the Onagre dashboard.
- The Hub sends a scan task to the agent over its gRPC connection.
- The agent performs three steps:
- ICMP ping sweep — identifies which hosts are alive on the network.
- TCP port scan — checks 50 well-known ports on each alive host.
- Reverse DNS lookup — resolves IP addresses to hostnames when possible.
- Results are sent back to the platform and displayed in the dashboard.
- You select the resources you want to monitor and create sensors in bulk.
The entire process is non-intrusive and read-only — the agent never modifies anything on the scanned network.
Launching a discovery
Navigate to the agent detail page and open the Network Discovery tab.
Auto-detect network
Click Start Network Discovery. The agent automatically detects its primary network interface (the one with a gateway and the largest subnet) and scans it.
This is the simplest option — no configuration needed.
Target a specific network
Click Targeted Network Discovery to scan a specific subnet. Enter the network in CIDR notation (e.g. 192.168.1.0/24, 10.0.0.0/16) and confirm.
This is useful when the agent has access to multiple networks or when you want to scan a subnet that is not its primary interface.
💡 One at a time
Only one discovery can run per agent at a time. Wait for the current scan to complete before launching another.
Discovery results
Once the scan completes, the results appear in a table grouped by discovered host. For each host, Onagre suggests sensors based on what it found:
| Sensor type | Condition | Default schedule |
|---|---|---|
| Ping | One per alive host | Every 5 minutes |
| Port | One per open port | Every 5 minutes |
| Certificate | When port 443 (HTTPS) is open | Daily at 6:00 AM |
| HTTP | When an HTTP or HTTPS service is detected | Every 5 minutes |
Each row shows the IP address, resolved hostname (if available), port number, and detected service name.
Ports scanned
The agent checks the following well-known ports:
| Category | Ports |
|---|---|
| Web | 80, 443, 8080, 8443, 8000, 8008, 8088, 8090, 8091, 8888 |
| Databases | 1433 (MSSQL), 3306 (MySQL), 5432 (PostgreSQL), 1521 (Oracle), 27017 (MongoDB), 6379 (Redis), 9042 (Cassandra) |
| Messaging | 5672 (RabbitMQ), 9092 (Kafka) |
| Infrastructure | 22 (SSH), 53 (DNS), 25 (SMTP), 3389 (RDP), 445 (SMB), 2375/2376 (Docker) |
| Monitoring | 3000 (Grafana), 5601 (Kibana), 9200 (Elasticsearch), 9100 (Node Exporter), 8200 (Vault) |
| Other | 21 (FTP), 110 (POP3), 143 (IMAP), 2049 (NFS), 5900 (VNC), 6443 (Kubernetes API) |
If a port is open but not in the known list, it appears as unknown.
Creating sensors from results
- In the results table, select the sensors you want to create. Use Select all to pick everything, or check individual rows.
- A counter shows how many sensors are selected.
- Click Create Selected Sensors.
Onagre creates all selected sensors with sensible defaults:
- All sensors are linked to the same agent.
- All sensors are tagged
discoveredfor easy filtering. - Integrations (notification channels) are inherited from your account settings.
- Sensors start monitoring immediately after creation.
Once sensors are created, the discovery is automatically archived.
Discovery history
After a discovery is archived, it appears in the Discovery History table at the bottom of the page. Each entry shows:
- Who requested the scan.
- When it was requested and completed.
- The scan duration.
History is retained for audit and reference purposes.
Summary
| Aspect | Details |
|---|---|
| Requirement | Advanced Agent, version 1.5.0+, Enterprise plan |
| Modes | Auto-detect network or target a specific CIDR |
| Scan | ICMP ping sweep + TCP port scan (50 ports) + reverse DNS |
| Output | List of alive hosts with open ports and service names |
| Sensor creation | Bulk creation with one click, tagged discovered |
| Concurrency | One discovery per agent at a time |