Discovery Management
Discovery Management enables automated identification of SSL/TLS certificates across your infrastructure.
It detects unmanaged certificates, validates deployed assets, and reconciles inventory against live environments.
Discovery Overview
The Discovery dashboard provides visibility into:
- Network Discovery
- Store Discovery
- CA Discovery
- Managed vs Unmanaged certificates
- Out-of-sync or ghost certificates
- Last run statistics
Each discovery type can be configured and executed independently.
Discovery Types
Network Discovery
Scans infrastructure endpoints to detect exposed certificates.
Supports:
- HTTPS endpoint scanning
- IP-based scanning
- Port-based detection
- TLS handshake inspection
HTTPS Discovery
Discovers certificates from HTTPS URLs or IP:PORT endpoints.
Input options:
- URLs (one per line)
- IP addresses with ports
- Immediate execution or job-based execution
Ideal for public-facing services and API endpoints.
IP Range Discovery
Scans defined IP ranges for TLS-enabled services.
Supports:
- Range notation (start–end)
- Custom port definitions
- Targeted internal network scanning
Used for internal infrastructure discovery.
CIDR Discovery
Scans CIDR blocks for certificate endpoints.
Examples:
- 192.168.1.0/24
- 10.0.0.0/16
Useful for structured subnet scanning.
Domain Discovery
Discovers certificates from domain names.
Supports:
- Root domains
- Subdomains
- API endpoints
Used to detect externally exposed certificates.
CA Discovery
Retrieves certificates directly from configured Certificate Authorities.
Supports:
- Microsoft Active Directory Certificate Services (AD CS)
- Smallstep Certificate Authority
Helps reconcile issued certificates with deployed assets.
Execution Modes
Discovery supports two execution models:
- Immediate Execution – Run discovery instantly and view results
- Job-Based Execution – Schedule discovery and monitor progress
Discovery Jobs
The Jobs view provides execution history:
- Job name and type
- Status (Queued, Running, Success, Failed)
- Execution duration
- Scheduled time
- Agent execution reference
This enables operational auditing and troubleshooting.
Correlation & Reconciliation
The platform automatically:
- Matches discovered certificates with inventory
- Identifies unmanaged certificates
- Detects metadata mismatches
- Flags out-of-sync or ghost certificates
- Tracks certificate movement across environments
This ensures accurate lifecycle governance.
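The matching described above, written out as an added example (not the platform's own code). The record fields, the meaning given to each category and the sample data are assumptions made for illustration; the page does not define them.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CertRecord:
    endpoint: str      # "host:port" where the certificate is, or should be, served
    fingerprint: str   # SHA-256 of the DER certificate, hex
    not_after: str     # expiry date (ISO 8601) as recorded or as observed

def reconcile(inventory, discovered):
    """Compare inventory with discovery results by endpoint (category meanings are assumed)."""
    inv = {r.endpoint: r for r in inventory}
    live = {r.endpoint: r for r in discovered}
    known_fps = {r.fingerprint for r in inventory}
    report = {k: [] for k in ("managed", "unmanaged", "moved",
                              "out_of_sync", "metadata_mismatch", "ghost")}
    for ep, seen in sorted(live.items()):
        rec = inv.get(ep)
        if rec is None:
            # Endpoint unknown to inventory: a known cert has moved, a new one is unmanaged.
            report["moved" if seen.fingerprint in known_fps else "unmanaged"].append(ep)
        elif rec.fingerprint != seen.fingerprint:
            report["out_of_sync"].append(ep)        # endpoint serves a different cert
        elif rec.not_after != seen.not_after:
            report["metadata_mismatch"].append(ep)  # same cert, stale inventory field
        else:
            report["managed"].append(ep)
    # Inventory entries whose endpoint no scan observed are treated as ghosts.
    report["ghost"] = sorted(ep for ep in inv if ep not in live)
    return report

# Constructed sample data (fingerprints shortened for readability).
INVENTORY = [
    CertRecord("api.example.internal:443", "aa11", "2026-03-01"),
    CertRecord("web.example.internal:443", "bb22", "2026-05-10"),
    CertRecord("old.example.internal:443", "cc33", "2025-12-31"),
    CertRecord("db.example.internal:8443", "dd44", "2026-01-15"),
]
DISCOVERED = [
    CertRecord("api.example.internal:443", "aa11", "2026-03-01"),
    CertRecord("web.example.internal:443", "ee55", "2026-09-09"),
    CertRecord("db.example.internal:8443", "dd44", "2026-07-15"),
    CertRecord("10.0.0.7:8443", "ff66", "2025-11-20"),
    CertRecord("10.0.0.9:443", "cc33", "2025-12-31"),
]

if __name__ == "__main__":
    for category, endpoints in reconcile(INVENTORY, DISCOVERED).items():
        print(f"{category:18} {endpoints}")
```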
Operational Value
Discovery Management helps organizations:
- Eliminate shadow certificates
- Prevent unexpected outages
- Maintain compliance visibility
- Validate CA issuance accuracy
- Reduce manual certificate tracking
Discovery acts as the foundation of SSL Certificate Lifecycle Management by ensuring complete visibility across all environments.