Device Discovery FAQ

Here are some answers to frequently asked questions about device discovery.

How can I tell when a device was discovered?

The Device Overview page displays the date and time the device was first discovered by the ExtraHop system. The amount of time from discovery also appears, such as 3 days ago or 2 months ago. A device that is first seen less than five days ago is labeled as New.

Why can't I find a device?

If you cannot find a device in the ExtraHop system, it could be related to one of the following reasons:
  • The device is outside of a locally-monitored broadcast domain and the ExtraHop system is not configured to discover remote traffic through either a DHCP relay agent with L2 Discovery, Remote L3 Discovery, or a custom device.
  • The device has not been active since the ExtraHop system was deployed. An active device is one that sends data over the wire to other devices. Devices that only receive traffic are not discovered.
  • All traffic for the device is being filtered by IP address or port filters on the ExtraHop system.

What is a custom device?

Custom devices are manually created in the ExtraHop system to collect metrics across IP addresses and ports as a single device. You might create a custom device to track individual devices outside of your local broadcast domain or you might create a single custom device to collect metrics for several known IP addresses for a remote site or cloud service. You can add a custom device to the watchlist to guarantee that the custom device receives Advanced Analysis.

For more information, see Remote device discovery.

What is an inactive device?

An inactive device is a device that has not sent or received data over the last 30 minutes.

How do I check my device limit and device counts?

In 7.2, the device limit is the same as the Advanced Analysis capacity, which is the number of devices that can receive Advanced Analysis. Additional capacity for Standard Analysis and Discovery Mode is now available.

For more information, see Analysis priorities.

What is the watchlist?

The watchlist is a way to prioritize individual devices for Advanced Analysis. For more information, see Add a device to the watchlist and the Analysis Priorities FAQ.

Can I export a list of devices to a CSV file?

Yes. Click Assets at the top of the page and then click Devices in the left pane. In the upper right corner of the page, click the command menu and then click CSV. A CSV file downloads, which contains each device's name, MAC address, IP address, discovery time, and description (if available).

Can I change the role of my device in the ExtraHop system?

Yes, you can update the device role in device properties. The ExtraHop system assigns a device type, or role, to a newly discovered device based on the type of observed wire data traffic associated with the device.

For more information, see Change a device role.

Does selecting a new role change the type of data the ExtraHop system collects from the device?

No, this option only provides an opportunity to manually classify which role the device plays on your network.

For more information, see Change a device role.

Can I change the name of my device in the ExtraHop system?

Yes, you can change the device name in device properties.

For more information, see Change a device name.

Published 2020-09-15 19:57