
Discovery Configuration

This guide explains step-by-step how to discover, manage, and monitor certificates in SecTrail CM.

About the Feature

To learn what the Certificate Discovery feature is, how it works, and its advantages, first review the Features: Certificate Discovery page.

Certificate Discovery

Accessing Discovery Configurations

Access Path

To manage discovery operations, go to: Discovery → Discover Process in the application panel.

Discovery Configurations List

You can view all discovery periods and configurations defined in SecTrail CM in a centralized list.

[Figure: Discovery Configurations List - All Defined Discovery Tasks]

List Information

The following information is displayed for each row in the discovery configurations list:

  • Name - Descriptive name you gave to the discovery task
  • Discover Type - Which discovery method is used (Network Scan or CT Logs)
  • IP Range - IP range or domain name to be scanned
  • Ports - Which ports are scanned (e.g., 443, 444, 8443)
  • Discover Period - How frequently discovery runs

Available Operations

You can perform the following operations from the list:

  • ✏️ View and Filter - Review discovery configurations
  • 🔧 Edit - Update existing configurations
  • 🗑️ Delete - Remove unnecessary configurations
  • ➕ Create New - Add new discovery configuration

Network Scan Configuration

With Network Scan, you can discover SSL/TLS certificates in your internal network.

Creating New Network Scan

As shown in the image below, you can create a Network Scan configuration:

[Figure: Network Scan Configuration Form]

Configuration Parameters

| Parameter | Description | Options |
|---|---|---|
| Name | Provide a descriptive name for the discovery task | Use IP range or target system name |
| IP or CIDR | Enter the IP address, CIDR notation, or domain name you want to scan | Single IP: 192.168.1.100; IP range: 10.34.24.0/24; Subnet: 172.16.0.0/16; Domain: example.com |
| Port | Enter ports to scan, separated by commas | Single port: 443; Multiple: 443,444,8443 |
| Discover Type | Select discovery method | Select Network Scan |
| Status | Determine status of discovered certificates | Managed: Managed certificates; Monitored: Only monitored certificates |
| Discover Period | Set how frequently the scan runs | Period type: Daily or Weekly; Time: HH:MM format; Add More to add multiple times |

Tips
  • Scanning outside business hours reduces network traffic
  • Use Add More button to scan at different times each day

After entering the form information, click the Submit button to save the configuration.

CT Logs Configuration

With CT Logs, you can discover the publicly logged certificates for your domains.

Creating New CT Log Scan

As shown in the image below, you can create a CT Logs configuration:

[Figure: CT Logs Configuration Form]

Configuration Parameters

| Parameter | Description | Options |
|---|---|---|
| Name | Provide a descriptive name for the discovery task | Example: Example.com CT Scan, Company Domains |
| Domain | Enter the domain name you want to scan | Example: example.com; Subdomains are automatically included; No need to use wildcard (*.example.com) |
| Discover Type | Select discovery method | Select CT Logs |
| Status | Determine status of discovered certificates | Managed: Managed certificates; Monitored: Only monitored certificates |
| Discover Period | Set how frequently the scan runs | Period type: Daily or Weekly; Time: HH:MM format |

Subdomain Discovery

When you enter example.com, all subdomain certificates for this domain are also automatically found: www.example.com, api.example.com, mail.example.com, and others.

CT Logs Recommendations
  • Daily scanning is recommended for CT Logs (to catch new certificates)
  • Be sure to perform daily scanning for Shadow IT detection
  • New certificates may take a few hours to be recorded in CT logs

After entering the form information, click the Submit button to save the configuration.
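The subdomain matching and Shadow IT check described above, sketched as an added example (not SecTrail CM code). The entry fields, the fingerprint placeholders, the inventory set and the approved issuer name are all constructed assumptions; the point is that names must match on a label boundary, so lookalike domains stay out of scope.

```python
def in_scope(name, domain):
    """True if a certificate name is the domain itself or any subdomain of it."""
    name = name.lower().rstrip(".")
    if name.startswith("*."):           # a wildcard SAN covers names under its base
        name = name[2:]
    domain = domain.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)


def unknown_certificates(entries, domain, inventory, approved_issuers):
    """Return in-scope CT entries that are untracked or come from an unapproved CA."""
    findings = []
    for entry in entries:
        names = sorted(n for n in entry["names"] if in_scope(n, domain))
        if not names:
            continue                    # certificate does not name this domain
        reasons = []
        if entry["sha256"] not in inventory:
            reasons.append("not in inventory")
        if entry["issuer"] not in approved_issuers:
            reasons.append("unapproved issuer")
        if reasons:
            findings.append({"sha256": entry["sha256"], "names": names, "reasons": reasons})
    return findings


# Constructed CT log entries; fingerprints are shortened placeholders.
CT_ENTRIES = [
    {"sha256": "aa11", "issuer": "Corp Issuing CA", "names": ["www.example.com", "example.com"]},
    {"sha256": "bb22", "issuer": "Public CA X", "names": ["dev-portal.example.com"]},
    {"sha256": "cc33", "issuer": "Public CA X", "names": ["*.api.example.com"]},
    {"sha256": "dd44", "issuer": "Public CA X", "names": ["badexample.com", "example.com.evil.test"]},
]
INVENTORY = {"aa11", "cc33"}            # fingerprints already tracked (assumed export)
APPROVED_ISSUERS = {"Corp Issuing CA"}  # assumed CA policy
```

With this sample data the result lists `bb22` (untracked and from an unapproved CA) and `cc33` (tracked, but from an unapproved CA), while `dd44` is ignored because neither of its names is under example.com.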

Manual Discovery

You can perform quick and instant scans without creating scheduled discovery tasks.

When to Use Manual Discovery?
  • Quick check when adding a new server
  • Emergency certificate check
  • Test scans
  • One-time inventory updates

[Figure: Manual Discovery Form - Quick Scan]

Manual Discovery Parameters

| Parameter | Description | Options |
|---|---|---|
| IP or CIDR | Enter IP, CIDR, or domain to scan | Single IP: 1.1.1.1; IP range: 1.1.1.0/24; Domain: example.com |
| Port | Specify ports to scan | Single port: 443; Multiple ports: 443,844,444 |
| Discover Type | Select discovery method | Network Scan: For IP/Port scanning; CT Logs: For domain scanning |
| Status | Determine certificate status | Managed: Managed; Monitored: Monitored |

After filling out the form, click the Discover button to start scanning immediately.

Important Note
  • Manual discovery results are automatically added to inventory
  • However, it does not create periodic scanning
  • For regular scanning, you must create a scheduled discovery configuration

Bulk Discovery Configuration

You can bulk import an Excel (XLSX) file to create multiple discovery configurations at once.

When to Use Bulk Import?
  • When you want to add many IP ranges or domains at once
  • When you want to create discovery configurations from an existing inventory list
  • When you want to bulk import network lists from different departments

[Figure: File Import Screen - Bulk Discovery Configuration]

How to Perform File Import?

Access the bulk import page from Discovery → File Import menu.

1. Download and Fill Template

Click the Download Template button to download the Excel (XLSX) template file. Fill in the following columns in the template:

Template Tips
  • Each row in Excel represents a discovery configuration
  • Don't fill empty rows; Excel will automatically skip them
  • For multiple ports in the Port column, separate with commas: 443,8443,636
  • Use IP/CIDR for Network Scan, use domain for CT Logs

2. Upload File

  1. Click the Choose File or Browse button
  2. Select the filled Excel file
  3. Ensure XLSX is selected in the File Type field
  4. Click the Import button

3. Check Results

  • ✅ Successfully imported configurations are shown with green checkmarks
  • ❌ Rows with errors are marked in red and an error message is displayed
  • 📋 Check all added records from the discovery configurations list
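A pre-upload check for the rows of a bulk import file, as an added example (not part of SecTrail CM). It applies the rules stated in this guide (IP/CIDR or domain for Network Scan, a plain domain for CT Logs, comma-separated ports, HH:MM times) and estimates how many host and port connections a Network Scan row implies. The column names and sample rows are assumptions; the real column names come from the downloaded template.

```python
import ipaddress
import re
# Column names used here are assumptions; take the real ones from the downloaded template.
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
TIME_RE = re.compile(r"^([01]\d|2[0-3]):[0-5]\d$")

def parse_ports(text):
    """Split a comma-separated port list into (valid ports, rejected items)."""
    good, bad = [], []
    for item in (p.strip() for p in str(text).split(",")):
        if item.isascii() and item.isdigit() and 1 <= int(item) <= 65535:
            good.append(int(item))
        else:
            bad.append(item)
    return good, bad

def validate_row(row):
    """Return (errors, probes); probes is an upper bound on host x port connections."""
    errors, probes = [], 0
    target, kind = str(row.get("target", "")).strip(), row.get("discover_type")
    if kind == "Network Scan":
        ports, bad = parse_ports(row.get("port", ""))
        errors += [f"bad port {p!r}" for p in bad]
        try:
            probes = ipaddress.ip_network(target, strict=False).num_addresses * len(ports)
        except ValueError:
            if DOMAIN_RE.match(target):
                probes = len(ports)  # a single host name
            else:
                errors.append(f"target {target!r} is not an IP, CIDR or domain")
    elif kind == "CT Logs":
        if not DOMAIN_RE.match(target):
            errors.append(f"CT Logs target {target!r} must be a plain domain, no wildcard")
    else:
        errors.append(f"unknown discover type {kind!r}")
    for key, allowed in (("status", ("Managed", "Monitored")), ("period", ("Daily", "Weekly"))):
        if row.get(key) not in allowed:
            errors.append(f"{key} must be one of {allowed}")
    if not TIME_RE.match(str(row.get("time", ""))):
        errors.append("time must be HH:MM")
    return errors, probes

# Constructed sample rows, not taken from a real import file.
ROWS = [
    {"target": "10.34.24.0/24", "port": "443,444,8443", "discover_type": "Network Scan",
     "status": "Managed", "period": "Daily", "time": "02:30"},
    {"target": "*.example.com", "discover_type": "CT Logs",
     "status": "Monitored", "period": "Daily", "time": "25:00"},
]
```

The probe count is useful when choosing a Discover Period: a /16 with three ports is close to 200,000 connection attempts per run, which is the kind of scan the scheduling tip about business hours applies to.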

Monitoring Discovery Results

You can track the results of all discovery operations from the Discovery → Discover Process menu.

[Figure: Discovery Results Page - Scan Statuses and Statistics]

Displayed Information

On this page, you can see the following details for each discovery operation:

  • Scan Status - Ongoing, completed, or failed scans
  • Discovery Type - Network Scan or CT Logs
  • Target Information - Scanned IP range or domain name
  • Start Time - Date and time the scan started
  • End Time - Date and time the scan completed
  • Duration - Total scan duration
  • Certificates Found - Number of certificates found in the scan
  • Scan Details - Detailed log records of each scan

Scan Statuses

Discovery operations can be in the following states:

| Status | Icon | Description | Action Required |
|---|---|---|---|
| In Progress | 🔄 | Scan is currently ongoing | Wait for completion |
| Completed | ✅ | Scan completed successfully | Review results |
| Failed | ❌ | Scan ended with error | Check error logs |

Useful Information

From this page, you can view the results of both scheduled discovery tasks and manual discovery operations. Past scan records are also saved, allowing you to analyze your discovery performance.