BCM Asset Discovery will find anything using an IP where that IP is in the range of the target list. NAMP, the engine used for Discovery, will try to find or associate that device with an OS. If you supply the proper credentials the OS detection works really well. If you do not supply the proper credentials then NMAP will "guess" what that device is... Sometimes it is really accurate and other times you may scratch your head wondering why it chose that OS. For devices running a firewall, that device will become invisible to the scanner because that is what a firewall is suppose to do!
This is the link that may help you better understand the NMAP process:
I've read it for quiet sometime, but some of the value are just not valid or as you say "may scratch your head wondering why it chose that OS".
I'm pretty sure it's because of the port scanning on NMAP, the more ports their open the more information BCM get.
I think unless the device is open and using SNMP default community string (public), we wouldnt have anything except hostname (DNS Lookup), IP, MacAddr.