Identifying Assets without Agent

Hi All,

Other than manually exporting asset lists and agents with hosts to do a cross-comparison, has anyone found a good way to discover hosts on the network that are lacking an InsightAgent?

hello! you could possibly do a discovery scan with nexpose. the nice thing about this is it won’t count against your total asset license (assuming your a nexpose/insightvm customer).

Hey @rford

I’m with the Insight Platform product team. Thanks for your question, we’re currently exploring the value of introducing a product-agnostic view of all of the assets in your environment. Would you be open to joining us for a research interview so we can better understand your needs and challenges? Sessions last up to 60 minutes via Zoom – if interested, would you or a team member have any availability between January 11-21?

– Andy

1 Like

isn’t this what a discovery scan is?

Thanks for flagging, I should clarify my last post – for this particular milestone we’re focussing on asset identification and inventory, which goes hand-in-hand with asset discovery.

1 Like

Hi Andy,

I’d love to discuss it more, can you reach out to me via email?

Super thanks – look out for an email from us shortly.

As an InsightPlatform customer we do this in InsightVM with a custom tag that is configured to apply to any asset where the “Software name” field does not contain “Rapid 7”

For this to be effective, you need to complete an authenticated scan of the assets with a scan engine.

Hi @andy_robinson_platform_ux, if you need further interview partners, I’d be up to! :wink:

We discover assets without agents or outdates agent version with another software solution, but it would be great to have a general overview of everything IP-based inside our network and to see which asset has an working/not working agent installed would be very helpfull.

Hey @RHolzer, we’d be really happy to invite you to join an interview!
I’ll send you an email with some details on how to sign up. Thanks for your interest!

1 Like

If you’re also running insightVM, you can do a search there for anything that’s been found that doesn’t have the endpoint agent key. If you’re not running insightVM, then this obviously won’t help.

1 Like

agent key = null

this will give you asset without agent if you have insightVM

3 Likes

@andy_robinson_platform_ux , I’d like to jump on a zoom call regarding this. I am getting mixed results from InsightVM with InsightIDR agent management portal. I have tried recommended insightVM trick agent key = null. I got less devices than missing update agents on the IDR agent portal. I have tried queries like agentID is NULL and semanticVersion IS NULL in IDR. I get no results. Could you please send me zoom invite for this week or next? Thank you.

We currently have another product for doing Software Asset Management, so to get rid of that and have one less thing running would be great.
Hardware Assets would be a good thing to have as well, pulling in make/model/serials and who is using it (and who “should” be using it!).

We do these things other ways but its messy, would be much better if one product did it all

1 Like

Thanks for the insight Chris! This is helpful and aligns with feedback from other customers around the challenges of asset management. I’ve passed this on to our product team who are looking at possible approaches to this type of use case.

Hello,

Can you please share what is the latest update on this case. Is there a way to look for assets without agents via IDR or IVM?

There is no way to do this within IDR as IDR only shows assets with the agent.

IVM though you can do this using the methods posted above.

You would use the query builder within IVM and use the following query.
Screen Shot 2022-09-08 at 4.29.51 PM

This would give you all of the assets in your environment that have either been discovered in your environment that do not have the agent on them. Keep in mind that this list is only as accurate as the assets that you have discovered. If you have a large or unknown environment and you’re still trying to figure out what assets are out there and where they live I suggest referencing this post here: 5 Steps for Dealing With Unknown Environments in InsightVM | Rapid7 Blog