The Inventory page is the heart of runZero Network Discovery and
the key to understanding what is on your network. The inventory displays all assets within the Organization and can be sorted, filtered,
and exported to obtain specific views of the environment.
An asset within runZero is defined as a unique network entity. Assets may have multiple IP addresses and MAC addresses and these addresses
may change as the environment is updated. runZero tracks assets based on several heuristics, including MAC address, IP address,
hostnames, and fingerprint results for the operating system and running services.
In most cases, runZero can accurately follow assets
over time in environments using DHCP, even across remote subnets. For external networks, scans that are initiated with fully qualified hostnames will consolidate assets based on the hostname, which allows for consistent asset tracking for cloud-based external systems with
dynamic IP addresses.
Within an organization, assets are isolated by site, and each site can have address space that overlaps with other sites. Sorting the
Inventory view based on the site column can help in these scenarios, as can filtering the Inventory based on a specific site name.
The search field allows the inventory to be filtered based on the specified criteria. Please see the Search Query Syntax documentation for specific details.
In addition to viewing assets, the Inventory page provides data export functionality, along with the
ability to select assets, and specify the comments field. The Rescan action can be used to selectively rescan specific
systems from the inventory, while the Remove Assets and Purge Assets can be used to permanently remove data from the inventory view.
The Reports button provides quick access to key reports from the runZero reports page.
Data is loaded into the inventory using the Scan and Import buttons.
The results are analyzed and merged, updating asset information as necessary.
The Scan button has two options: Standard Scan and Full RFC 1918 Discovery. The latter is an easy way to set up a fast scan of all private range IP addresses. You can then use the coverage reports to check for assets in unexpected private address ranges.
The Import button has two options. Importing runZero Scan Data allows you to import data that was scanned by the standalone runZero scanner. This means you can scan networks that have no connectivity to the Internet, and still view the results in the runZero console. It’s also useful for reprocessing old scan data so that you can use the site compare feature to see how assets have changed over time.
The bulk asset update feature allows you to modify assets by exporting a CSV using the Export button, making changes to the data in a spreadsheet program, and then importing the result back into runZero.
Connecting to other systems
The Connect button lets you connect runZero to other systems. Depending on your license level, these may include:
- Sources of cloud and VM inventory information
- Endpoint detection and response systems
- Sources of Internet scan data
- Mobile Device Management (MDM) systems
The Inventory page has a submenu labeled Services. This changes the table of data from an asset-focused view to a service-focused view. For each asset, you will see one row for each service runZero detected.
Like the main asset view, the services view has a full search interface. You can filter services by protocol, port, and many other criteria, using the runZero search language.
If the runZero Explorer has access to Google Chrome, it will attempt to take screenshots of web pages it finds while scanning your network. (This feature can be disabled in the scan options when setting up the scan.)
You can view the screenshots for all of your assets via the Screenshots submenu, and click through to the asset records for full details.
The inventory page has a submenu labeled Software. This flips the table of data from an asset-focused view to a software-focused view. For each asset, you will see one row for each software detected by runZero or a supported integration.
Like the main asset view, the software view has a full search interface. You can filter software by vendor, product, and many other criteria, using the runZero search language.
The inventory page has a submenu labeled Vulnerabilities. This flips the table of data from an asset-focused view to a vulnerability-focused view. For each asset, you will see one row for each vulnerability detected by a supported integration.
Like the main asset view, the vulnerability view has a full search interface. You can filter vulnerabilities by CVSS score, name, CVE, and many other criteria, using the runZero search language.
Viewing wireless networks
If the machine running the runZero Explorer has a working WiFi adapter and appropriate system tools installed, the Explorer will attempt to scan for nearby wireless networks. The Wireless submenu will show the results of the scan.
The tools required are:
netsh.exe (part of modern Windows releases)
- macOS: Airport Utility
iwlist, often available via the