Atlas Discovery allows you to run both external and internal network scans to populate your Certificate inventory and dashboard. These scans, once configured, run automatically and then every 24 hours thereafter. External scans can be configured to include subdomains, internal scans require the download of an agent.
The status of the scan and when it was last run are also displayed on this page. Note that internal scan statuses will remain as “not started” until the agent is properly downloaded and activated.
Here’s what you can do with scan profiles:
External network scans allow users to scan specific domains and subdomains to detect, observe and manage TLS Certificates. Enter a FQDN or public IPv4 address or range into a target field to enable scanning of that domain or web server.
Note for subdomains, the current implementation looks at the top 200 most commonly used subdomains. We are planning to expand this in future releases.
Internal network scans allow users to scan network ports to detect, observe and manage TLS certificates by a chosen IPv4 address or range. For the internal scan to successfully run, you need to create an agent, which is a lightweight network utility that will monitor your internal network and send the results to Atlas Discovery.
Agents are available for Windows, Linux and Darwin (macOS). The Windows agent is codesigned with a GlobalSign Codesigning Certificate.
For Linux and Darwin implementations, change the agent's executable permissions using command chmod a+x.
To run the agent for Darwin implementations:
The activation token is good for one year. If you lose it and need to reactivate the agent, you can get a new token by clicking the “Reset Token” button in the scan configuration screen.
Atlas Discovery has a downloadable agent by which you can send discovered internal Certificates to your Discovery inventory. The Windows version of the agent has been codesigned by a GlobalSign Certificate.
To send Certificates to Atlas Discovery, the agent consumes public APIs hosted on the AWS API Gateway. In most implementations the agent will work simply by downloading and activating it via the portal instructions. In some implementations however, the public IP address needs to be allowlisted prior to agent activation. This list contains the list of possible IP Address Ranges in which the external IP can fall. You will have to allow all of them in order for the agent to communicate with Atlas. We will deploy a change in a future release that will eliminate the need for this list.