Re: Server asset inventory tool

[Kevin Wilcox <wilcoxkm () APPSTATE EDU>]

On Fri, 26 Apr 2019 at 08:05, Angel Howard <alhoward () georgiasouthern edu>
wrote:


> We are also using a manual process.  Would love to know what others are
> using in terms of a solution and how they have automated the process.

We're in the middle of an RFP so I can't speak to specific products but
I'll toss out a few things to keep in mind when folks go looking.

o if you have a SecOps person (or persons), they should have access to read
your Azure/AWS/ESXi/whatever configs, and all of those have great APIs to
list VMs and their info
o if you have decentralised IT, don't be surprised to have your automated
scanner blocked (for malicious activity, connecting on monitored ports,
failed logins)
o you may have internal networks that aren't accessible - and not every
product allows scanner proxies or provides an agent
o several will offer functions that overlap with other tools, e.g., your
vulnerability scanner (installed software/versions, users, filesystem info,
etc)

This is especially timely for us as we're also simultaneously expanding our
SIEM sources and working on EPP/EDR procurement; the question of "wait,
what data is available from where and via which API?!" is one that's
permanently residing on my tongue these days.

kmw