1.1: Utilize an Active Discovery Tool

[codydumont]

--- Issue 1
The description of the "tools that are compliant" or the "M3 = List of compliant tools" and "M4 = List of non-compliant tools" is extremely unclear.

Is this talking about methods of active discovery, authentication protocols, etc.

If so, if the Tool does ICMP, TCP Syn Scan, SMB Login, and HTTP login. While the Assets accepts all 4 types of authentication, we will have 100% for M8.

But if the system also supports MySQL login, then we are 80% for M8.

I am just very unclear as to what the M3, M4 and M8 are.

---- Issue 2
For the M1 (List of discovered assets), I assume this could be a list of known IP addresses in use, or number of devices purchased. For example if this is a new company and we just purchased 100 workstations, 100 IP Phones, 2 printers, 4 servers, and a router, we would have 207 Discovered assets. The objective of M5 is to scan the network and get a count of 207.

If this is the case, should we change M1 to be called "List of discoverable Assets from manual Inventory". Thus leaving M2 to be the delta between the ICMP scan (M5) and the M1.

---- Issue 3
To assist in the clarity, provide discussion examples, similar to what I did with issue 2, would go a long what in helping the reader understand what you are talking about here.

Thank you for the opportunity to contribute.

[ginger-anderson]

Hey Cody,

CAS v2.0 attempts to use the discovery tool list and compare it to a potential "manual" or existing list. Could you take a look at 1.3 in v2.0 and see if you feel this is addressed? If so, I can close this out. If not, we can discuss further. Thanks!

v/r
Ginger