Auto-Discovery Feature

You can enable Auto-Discovery of ESXi hosts managed by a vCenter and/or virtual machines hosted on ESXi hosts managed by a vCenter. Instead of manually entering in ESXi Hosts and virtual machines in the target settings, enablement of the Auto-Discovery option automatically adds to a scan; all ESXi hosts discovered on the vCenter and, if enabled, virtual machines hosted on each discovered ESXi host.

Note: This feature is only available when scanning vCenter/ESXi versions 7.0.3 and above.

Note: Auto-Discovery does not automatically add the ability to authenticate remotely to ESXi hosts and virtual machines. You can add additional SSH credentials to authenticate to the ESXi host discovered and added to the scan, as well as SSH/Windows credentials to authenticate to virtual machines discovered and added to the scan.

Why would you prefer Auto-Discovery over manual entry of ESXi and virtual machine targets?

  • This is especially convenient for users with large volumes of ESXi hosts and virtual machines who want to scan the entire environment. Tenable removes the need to “know before you go” and reduces time in scan creation and preparation.

  • Some users have their ESXi hosts configured behind a firewall, or simply do not allow any incoming traffic. The manual entry method does not work in this case because the scanner cannot communicate with the host. An additional capability of the Auto-Discovery feature allows these particular ESXi hosts to “live” in the scan. At minimum, this allows VIBs reporting on each ESXi host and vulnerability plugins related to version checks to execute. Here is a Tenable Community post with additional details of this capability.