Which discovery scan type is prone to miss a device, if the device is quiet and the entry foe that device is not present in the ARP table of adjacent devices?
Discovery Scan Types: FortiSIEM uses various scan types to discover devices on a network.
Layer 2 (L2) Scan: An L2 scan discovers devices based on ARP tables and MAC address information from adjacent devices.
Limitation: If a device is quiet (not actively communicating) and its entry is not present in the ARP table of adjacent devices, the L2 scan may miss it.
Other Scan Types:
CMDB Scan: Based on the existing Configuration Management Database (CMDB) entries.
Range Scan: Scans a specified IP range for devices.
Smart Scan: Uses a combination of methods to discover devices.
References: FortiSIEM 6.3 User Guide, Device Discovery section, which explains the different types of discovery scans and their characteristics.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit