# Target Discovery

Target Discovery identifies the devices and services that DISCOVER can scan. Before running scans, targets must be discovered and added to DISCOVER's inventory. Once a discovery job completes, the found targets appear in [**Devices/Services Found**](#devices-services-found).

DISCOVER finds targets through two methods:

* **Network-based discovery**, where Scanning Servers search for devices within specified IP ranges using WinRM, SSH, or SMB protocols.
* **Cloud service discovery**, where DISCOVER connects to Microsoft 365 services via the Microsoft Graph API.

<figure><img src="/files/f5Tq3sRuZOLaOq8pSipG" alt="" width="563"><figcaption></figcaption></figure>

<details open>

<summary><strong>Add Devices</strong></summary>

Devices are physical or virtual endpoints that DISCOVER scans for sensitive data. This includes workstations, laptops, and file servers. DISCOVER connects to these devices either locally (if the Scanning Server is installed on the device itself) or remotely using SSH or WinRM.

<figure><img src="/files/uDQr7ArbegXlFUdtWeiP" alt="" width="563"><figcaption></figcaption></figure>

1. Navigate to **DISCOVER** > **Target Discovery** > **Devices** and click **+New Target Discovery**.
2. In the **Discovery Job Name** field, enter a descriptive name that identifies the purpose of the job (e.g., Finance Department Workstations, Sydney Office Network Scan).
3. In the **Target IP Range** field, enter the IP address range where DISCOVER should search for devices (e.g., `192.168.1.100`).

{% hint style="warning" %}
The Scanning Server and target devices must be within the same subnet to communicate directly. If they are on different subnets, your network must have appropriate routing, firewall rules, and port access configured to allow the Scanning Server to reach the targets.
{% endhint %}

4. Set the **Location** filter to narrow the list of available Scanning Servers by their assigned location. This is useful when you have Scanning Servers deployed across multiple sites or business units. Select the location that corresponds to where the Scanning Server you want to use is deployed (e.g., "Sydney Office", "Melbourne Data Centre").
5. From the protocol drop-down, select how DISCOVER will connect to target devices:
   * **WinRM** for Windows devices.
   * **SSH** for non-Windows devices.
   * **File Server (SMB)** for network file shares and storage devices accessible via SMB, such as Windows file shares and NAS devices.
6. Enter credentials for an account with access to the target devices. The format depends on the account type:
   1. **For WinRM and SSH Protocols:** Enter the **Username** and **Password** in the appropriate fields. The account type determines the format:
      1. **Local Accounts:** Use the local username only (e.g., `administrator`, `admin`, `localuser`). Local accounts are created directly on the target device and are not part of a domain.
      2. **Azure AD (Entra ID) Accounts:** Use the full email address (e.g., `user@yourcompany.com.au`). These are cloud-based accounts managed through Microsoft Azure Active Directory.
      3. **Domain Accounts:** Use the format `DOMAIN\username` (e.g., `YOURCOMPANY\admin`, `CONTOSO\scanuser`). These are accounts managed through an on-premises Active Directory domain.
   2. **For File Server Protocol**, enter the Username and Password of an account with access to the target share. Use the `DOMAIN\username` format for domain accounts where required.
   3. In the **SMB Location** field, enter the server name and path to the share or folder (e.g., `\\fileserver01\share`, `\\fileserver01\share\folder`, `\\192.168.1.50\documents`).
7. Set the **Connection Retry Frequency** to define how often DISCOVER will attempt to reconnect if the initial connection fails. Shorter intervals result in faster retries but increased network traffic; longer intervals reduce network load but slow down discovery.
8. Set the **Connection Timeout After** to define how long DISCOVER will continue attempting to connect before marking the target as unreachable.
9. Click **Save**.

DISCOVER will begin attempting to connect to devices within the specified IP range. The discovery job appears in the Target Discovery list.
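
A pre-flight check for the job fields described in the steps above, as an added example that is not part of DISCOVER or its documentation. It assumes the target range is written as a single address or in CIDR notation, uses the well-known default ports for each protocol (the page does not list ports), and the function names are hypothetical.

```python
import ipaddress
import re

# Default TCP ports per protocol (assumption: the page does not list ports).
DEFAULT_PORTS = {"WinRM": (5985, 5986), "SSH": (22,), "SMB": (445,)}

# \\server\share with optional sub-folders.
UNC_RE = re.compile(r'^\\\\[A-Za-z0-9.\-]+(\\[^\\/:*?"<>|]+)+$')


def classify_username(username):
    """Map a username to the account formats listed in step 6."""
    if re.fullmatch(r"[^\\@\s]+\\[^\\@\s]+", username):
        return "domain"    # DOMAIN\username
    if re.fullmatch(r"[^\\@\s]+@[^\\@\s]+\.[^\\@\s]+", username):
        return "entra"     # full email address
    if re.fullmatch(r"[^\\@\s]+", username):
        return "local"     # bare local username
    return "invalid"


def preflight(server_cidr, target_range, protocol, username, smb_location=None):
    """Return a list of findings for a discovery job before it is saved."""
    findings = []
    server_net = ipaddress.ip_interface(server_cidr).network
    targets = ipaddress.ip_network(target_range, strict=False)
    # Targets outside the Scanning Server's subnet need routing and firewall rules.
    if not targets.subnet_of(server_net):
        ports = ", ".join(str(p) for p in DEFAULT_PORTS[protocol])
        findings.append(f"{targets} is not fully inside {server_net}: routing and "
                        f"firewall rules for TCP {ports} are required")
    if classify_username(username) == "invalid":
        findings.append(f"username {username!r} matches no documented format")
    if protocol == "SMB" and not (smb_location and UNC_RE.match(smb_location)):
        findings.append(f"SMB Location {smb_location!r} is not a \\\\server\\share path")
    return findings


if __name__ == "__main__":
    # Constructed sample job: Scanning Server on 192.168.1.10/24, targets elsewhere.
    for finding in preflight("192.168.1.10/24", "10.0.5.0/24", "SSH", "admin"):
        print(finding)
```
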

</details>

<details>

<summary><strong>Add Services</strong></summary>

Services are cloud-based endpoints that DISCOVER can access and scan for sensitive data. Unlike devices (which are physical or virtual machines), services are cloud applications accessed through APIs. These include Microsoft 365 services such as Exchange Online and SharePoint Online.

![](/files/5d2b4804b26784c43dde0ddf5dba5a8294cc6ce1)

1. Navigate to **DISCOVER** > **Target Discovery** > **Services** and click **+Discover New Target**.
2. Enter a descriptive **Discovery Job** name for the cloud service discovery task (e.g., "*Exchange Online - Finance Department*", "*SharePoint - HR Site Collection*").
3. Select the type of cloud service you want to discover from the **Cloud Connector** drop-down menu:
   1. [**Microsoft Exchange**](#exchange) for Exchange Online mailboxes.
   2. [**SharePoint**](#sharepoint) for SharePoint Online document libraries and OneDrive for Business.

Depending on which cloud connector you selected, you'll need to provide specific authentication information.

#### Exchange

* **Exchange Tenant ID:** Your organisation's Azure AD Tenant ID, found in the Azure portal under **Microsoft Entra ID** > **Overview**.<br>

  <img src="/files/132f2acb27b8aa7b5683317ce5c605f34b609db1" alt="" width="563">
* **Exchange Client ID:** The Application (Client) ID of your registered Exchange application in Azure AD, found under **Microsoft Entra ID** > **App registrations** > your application.<br>

  <img src="/files/33685c154598531d19cff5657591388506a6bfec" alt="" width="563">

#### SharePoint

* **SharePoint Organisation:** The first part of your SharePoint URL (e.g., if your URL is `https://organisation.sharepoint.com`, enter `organisation`).
* **SharePoint Tenant ID:** Same as Exchange Tenant ID.
* **SharePoint Client ID:** The Application (Client) ID of your registered SharePoint application in Azure AD.

4. Set the **Location** to filter the list of Scanning Servers by their assigned location, similar to device discovery.
5. Choose how DISCOVER will authenticate to the cloud service:
   1. **Client Secret:** Enter the secret key (password) generated for the registered application in Azure AD. Client secrets expire periodically and must be renewed before expiry to avoid losing connectivity.<br>

      <figure><img src="/files/4793d2311a42d83f4bfdb5aca2bd33401e50186e" alt="" width="563"><figcaption></figcaption></figure>
   2. **Client Certificate (Recommended for Security):** Upload a `.pfx` or `.cer` certificate file registered with your Azure AD application. Certificates are more secure than client secrets, cannot be easily copied or intercepted, and can be revoked immediately if compromised.
6. Set the **Connection Retry Frequency** to define how often DISCOVER will attempt to reconnect if the initial connection fails. Shorter intervals result in faster retries but increased network traffic; longer intervals reduce network load but slow down discovery.
7. Set the **Connection Timeout After** to define how long DISCOVER will continue attempting to connect before marking the target as unreachable.
8. Click **Save**.

DISCOVER will attempt to connect to the cloud service using the provided credentials. Once connected, it retrieves a list of accessible mailboxes (for Exchange) or site collections and document libraries (for SharePoint). These appear in **DISCOVER** > **Target Discovery** > **Devices/Services Found**.
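
Because an expired client secret or certificate silently breaks the connector, it helps to track expiry dates of the registered application's credentials. The following added example (not part of DISCOVER) reads the `passwordCredentials` and `keyCredentials` fields of a Microsoft Graph `application` resource and flags credentials that are expired or close to expiry; the sample record, its names, and the 30-day threshold are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like a Microsoft Graph `application` resource.
SAMPLE_APP = json.loads("""
{
  "appId": "00000000-0000-0000-0000-000000000000",
  "displayName": "discover-connector (constructed)",
  "passwordCredentials": [
    {"displayName": "old-secret", "keyId": "k1",
     "endDateTime": "2025-05-01T00:00:00.0000000Z"},
    {"displayName": "current-secret", "keyId": "k2",
     "endDateTime": "2025-07-01T00:00:00Z"}
  ],
  "keyCredentials": [
    {"displayName": "connector-cert", "keyId": "k3",
     "endDateTime": "2026-03-01T00:00:00Z"}
  ]
}
""")


def parse_graph_time(ts):
    """Parse a Graph UTC timestamp, ignoring any fractional seconds."""
    base = ts.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def credential_report(app, now, warn_days=30):
    """Return (status, kind, name, days_left) rows, soonest expiry first."""
    rows = []
    for kind, field in (("secret", "passwordCredentials"),
                        ("certificate", "keyCredentials")):
        for cred in app.get(field) or []:
            days = (parse_graph_time(cred["endDateTime"]) - now).days
            status = "expired" if days < 0 else "expiring" if days <= warn_days else "ok"
            rows.append((status, kind, cred.get("displayName") or cred["keyId"], days))
    return sorted(rows, key=lambda row: row[3])


if __name__ == "__main__":
    for row in credential_report(SAMPLE_APP, datetime.now(timezone.utc)):
        print(*row)
```
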

</details>

After initiating discovery jobs, you have access to the following features on the Target Discovery page:

![](/files/394106b8332088f29a455afed8eb168aebdf152c)

### Edit Target Discovery

1. Navigate to **DISCOVER** > **Target Discovery**.
2. Click **Edit** on the discovery job you want to modify.
3. Make the necessary changes to any of the fields (IP range, credentials, cloud connector settings, etc.) following the same guidelines as when you created the discovery job.
4. Click **Save** to apply the changes.

### Delete Target Discovery

1. Navigate to **DISCOVER** > **Target Discovery**.
2. Click **Delete** on the discovery job you want to remove.
3. Click **Confirm** to permanently delete the discovery job.

### Rediscover Targets

Use Rediscover when devices in the original discovery range were unavailable, out of range, or temporarily unreachable during the first run. Any newly found targets are added to the **Devices/Services Found** list.

1. Navigate to **DISCOVER** > **Target Discovery**.
2. Locate the completed discovery job and click **Rediscover**.
3. The job restarts with the same settings and parameters.

{% hint style="info" %}
Rediscover is available only after the original target discovery job completes. You cannot change the settings or target discovery parameters during Rediscover.
{% endhint %}


