3 Replies Latest reply on Apr 24, 2020 9:29 AM by Gene Slaughter

    VPN scans, only want IP/NIC/MAC from VPN or Ethernet connection

    Gene Slaughter

      I am using 11.1.0.8 (RHEL6) and am trying to filter out just the IP/NIC Name & Desc/MAC from connected client. 

      Primarily looking to filter out Wi-Fi/Wireless data.

      Below are two attempts, but neither was successful; any help would be greatly appreciated.

       

      // Daily WinDT Report 1c (Yesterday)  (1358 results)

      // Report showing Daily Windows Desktop (Clients)

      // Selects Host nodes of type 'Windows Desktop' whose last_update_success is newer than
      // currentTime() minus 24 * 3600 * 10000000 (24 hours, assuming currentTime() counts in
      // 100-nanosecond units -- confirm against the product documentation).
      //
      // NOTE(review): the where clause only tests Host.type and Host.last_update_success; no
      // condition refers to the NetworkInterface, so wireless adapters are not excluded.
      //
      // NOTE(review): each '#...' key expression in the show clause is a separate traversal from
      // the Host, so 'NIC_Name', 'IPv4(last)', 'NIC_Desc' and 'NIC_type' presumably come back as
      // independent per-Host lists. Nothing visible here pairs an IP address with the interface
      // that owns it, so the report can show an adapter's name or description next to an address
      // that belongs to a different adapter.
      //
      // NOTE(review): single(...) reduces the IP list to one value without choosing which one, so
      // '1st3Octs (IPv4)' may be derived from an address other than the VPN/Ethernet one.
      // The regular expression keeps the first three dotted octets of an IPv4 address.
      //
      // NOTE(review): column labels differ from the attributes they show: 'NIC_Name' is
      // service_name and 'NIC_type' is interface_name here, while the DiscoveryAccess query
      // further down labels interface_name as 'NIC_Name'.
      //
      // TODO(review): to get one row per interface with a filter on the adapter, consider
      // searching from NetworkInterface (or using explode) and testing its description --
      // verify the syntax against the version in use.

      search Host where type = 'Windows Desktop' and last_update_success >  (currentTime() - 24 * 3600 * 10000000) show

      name,

      os,

      vendor,

      model,

      serial,

      type,

      #ElementInLocation:Location:Location:Location.name as 'Location',

      #OwnedItem:Ownership:ITOwner:Person.name as 'IT Owner',

      last_update_success,

      age_count,

      virtual,

      #DeviceWithAddress:DeviceAddress:IPv4Address:IPAddress.#IPv4Address:InterfaceAddress:InterfaceWithAddress:NetworkInterface.service_name as 'NIC_Name',

      #DeviceWithAddress:DeviceAddress:IPv4Address:IPAddress.ip_addr as 'IPv4(last)',

      extract(single(#DeviceWithAddress:DeviceAddress:IPv4Address:IPAddress.ip_addr), '^([0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3})\\.[0-9]{1,3}$', '\\1') as '1st3Octs (IPv4)',

      #DeviceWithAddress:DeviceAddress:IPv4Address:IPAddress.#IPv4Address:InterfaceAddress:InterfaceWithAddress:NetworkInterface.description as 'NIC_Desc',

      #DeviceWithAddress:DeviceAddress:IPv4Address:IPAddress.#IPv4Address:InterfaceAddress:InterfaceWithAddress:NetworkInterface.interface_name as 'NIC_type'

       

      // DA plus other attrs 1a (816 results)

      //
      // Starts from DiscoveryAccess nodes that have _last_marker set and result = 'Success', and
      // keeps only those with at least one inferred Host of type 'Windows Desktop' (the
      // nodecount(traverse ...) term is used as the condition).
      //
      // 'Endpoint' is the DiscoveryAccess endpoint attribute, presumably the address that was
      // scanned; '1st3Octs (EP)' keeps its first three dotted octets.
      //
      // NOTE(review): 'NIC_IP' is reached through the Endpoint node and its chosen Host, while
      // 'Subnet', 'NIC_Name', 'NIC_Desc', 'MAC Address' and 'NIC_Manu' are reached through the
      // inferred Host. Both paths go on to every NetworkInterface of the Host, and no condition
      // restricts them, so wireless adapters are presumably still listed.
      //
      // NOTE(review): if the goal is the interface the scan actually reached (VPN or Ethernet),
      // that would be the interface whose address equals endpoint; this query never makes that
      // comparison. Without it, a MAC address in the report cannot be attributed to the
      // connection that was scanned -- TODO confirm the intended matching rule.
      //
      // The 'NIC_IP' and 'Subnet' columns share one physical line below.

      search DiscoveryAccess where _last_marker and result = 'Success' and

      nodecount(traverse Associate:Inference:InferredElement:Host where type = 'Windows Desktop') show

      #Associate:Inference:InferredElement:Host.name as 'Name',

      #Associate:Inference:InferredElement:Host.os as 'OS',

      #Associate:Inference:InferredElement:Host.vendor as 'Manu',

      #Associate:Inference:InferredElement:Host.model as 'Model',

      #Associate:Inference:InferredElement:Host.serial as 'Serial#',

      #Associate:Inference:InferredElement:Host.type as 'Host_Type',

      #Associate:Inference:InferredElement:Host.#ElementInLocation:Location:Location:Location.name as 'Location',

      #Associate:Inference:InferredElement:Host.#OwnedItem:Ownership:ITOwner:Person.name as 'ITuser',

      #Associate:Inference:InferredElement:Host.last_update_success as 'Last Update Success',

      #Associate:Inference:InferredElement:Host.age_count as 'Age Count',

      #Associate:Inference:InferredElement:Host.virtual as 'Virtual',

      endpoint as 'Endpoint',

      extract(endpoint, '^([0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3})\\.[0-9]{1,3}$', '\\1') as '1st3Octs (EP)', 

      #DiscoveryAccess:Endpoint:Endpoint:Endpoint.#Endpoint:ChosenEndpoint:Device:Host.#DeviceWithInterface:DeviceInterface:InterfaceOfDevice:NetworkInterface.#InterfaceWithAddress:InterfaceAddress:IPv4Address:IPAddress.ip_addr as 'NIC_IP', #Associate:Inference:InferredElement:Host.#DeviceWithInterface:DeviceInterface:InterfaceOfDevice:NetworkInterface.#InterfaceWithAddress:InterfaceAddress:IPv4Address:IPAddress.#DeviceOnSubnet:DeviceSubnet:Subnet:Subnet.ip_address_range as 'Subnet',

      #Associate:Inference:InferredElement:Host.#DeviceWithInterface:DeviceInterface:InterfaceOfDevice:NetworkInterface.interface_name as 'NIC_Name',

      #Associate:Inference:InferredElement:Host.#DeviceWithInterface:DeviceInterface:InterfaceOfDevice:NetworkInterface.description as 'NIC_Desc',

      #Associate:Inference:InferredElement:Host.#DeviceWithInterface:DeviceInterface:InterfaceOfDevice:NetworkInterface.mac_addr as 'MAC Address',

      #Associate:Inference:InferredElement:Host.#DeviceWithInterface:DeviceInterface:InterfaceOfDevice:NetworkInterface.manufacturer as 'NIC_Manu'