Using the inventory
The Inventory page is the heart of Rumble Network Discovery and the key to understanding what is on your network. The inventory displays all assets within the Organization and can be sorted, filtered, and exported to obtain specific views of the environment.
An asset within Rumble is defined as a unique network entity. Assets may have multiple IP addresses and MAC addresses, and these addresses may change as the environment is updated. Rumble tracks assets based on several heuristics, including MAC address, IP address, hostnames, and fingerprint results for the operating system and running services.
In most cases, Rumble can accurately follow assets over time in environments using DHCP, even across remote subnets. For external networks, scans that are initiated with fully qualified hostnames will consolidate assets based on the hostname, which allows for consistent asset tracking for cloud-based external systems with dynamic IP addresses.
Within an organization, assets are isolated by site, and each site can have address space that overlaps with other sites. Sorting the Inventory view based on the site column can help in these scenarios, as can filtering the Inventory based on a specific site name.
The search field allows the inventory to be filtered based on the specified criteria. Please see the Search Query Syntax documentation for specific details.
In addition to viewing assets, the Inventory page provides data export functionality, along with the ability to select assets and specify the comments field. The Rescan action can be used to selectively rescan specific systems from the inventory, while the Remove Assets and Purge Assets actions can be used to permanently remove data from the inventory view.
The Reports button provides quick access to key reports from the Rumble reports page.
Data is loaded into the inventory using the Scan and Import buttons. The results are analyzed and merged, updating asset information as necessary.
The Scan button has two options: Standard Scan and Full RFC 1918 Discovery. The latter is an easy way to set up a fast scan of all private range IP addresses. You can then use the coverage reports to check for assets in unexpected private address ranges.
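The same check can be run outside the console on exported inventory data. This is an added example, not part of the Rumble documentation or product: it flags assets whose private addresses fall outside the subnets you expect. The CSV column names, the expected subnets, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# The three RFC 1918 private blocks covered by a full private-range discovery.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: the subnets your own documentation says are in use (constructed).
EXPECTED = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.168.1.0/24")]

# Constructed sample export. The column names "hostname" and "addresses" are
# assumptions for this example, not the product's actual CSV schema.
SAMPLE_CSV = """hostname,addresses
fileserver,10.20.4.15
printer-3f,192.168.1.40
lab-switch,172.16.9.2
unknown-nas,10.99.0.7 192.168.1.77
vpn-gw,203.0.113.10
"""

def unexpected_private(csv_text, expected=EXPECTED):
    """Return {/24 subnet: [(hostname, ip), ...]} for private IPs outside `expected`."""
    findings = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        # An asset may carry several addresses, so check each one separately.
        for raw in row["addresses"].split():
            try:
                ip = ipaddress.ip_address(raw)
            except ValueError:
                continue  # skip malformed cells rather than abort the review
            if ip.version != 4 or not any(ip in net for net in RFC1918):
                continue  # public and non-IPv4 addresses are out of scope here
            if any(ip in net for net in expected):
                continue  # address sits in a documented subnet
            bucket = ipaddress.ip_network(f"{ip}/24", strict=False)
            findings[str(bucket)].append((row["hostname"], str(ip)))
    return dict(findings)

if __name__ == "__main__":
    for subnet, hits in sorted(unexpected_private(SAMPLE_CSV).items()):
        print(subnet, hits)
```

Grouping by /24 keeps the output short enough to review by hand when a whole undocumented subnet turns up.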
The Import button has two options. Importing Rumble Scan Data allows you to import data that was scanned by the standalone Rumble scanner. This means you can scan networks that have no connectivity to the Internet, and still view the results in the Rumble console. It’s also useful for reprocessing old scan data so that you can use the site compare feature to see how assets have changed over time.
The bulk asset update feature allows you to modify assets by exporting a CSV using the Export button, making changes to the data in a spreadsheet program, and then importing the result back into Rumble.
Connecting to other systems
The Connect button lets you connect Rumble to other systems. Depending on your license level, these may include:
- Sources of cloud and VM inventory information
- Endpoint detection and response systems
- Sources of Internet scan data
- Mobile Device Management (MDM) systems
The Inventory page has a submenu labeled Services. This changes the table of data from an asset-focused view to a service-focused view. For each asset, you will see one row for each service Rumble detected.
If the Rumble Explorer has access to Google Chrome, it will attempt to take screenshots of web pages it finds while scanning your network. (This feature can be disabled in the scan options when setting up the scan.)
You can view the screenshots for all of your assets via the Screenshots submenu, and click through to the asset records for full details.
The Inventory page has a submenu labeled Software. This changes the table of data from an asset-focused view to a software-focused view. For each asset, you will see one row for each piece of software detected by Rumble or a supported integration.
The Inventory page has a submenu labeled Vulnerabilities. This changes the table of data from an asset-focused view to a vulnerability-focused view. For each asset, you will see one row for each vulnerability detected by a supported integration.
Viewing wireless networks
If the machine running the Rumble Explorer has a working WiFi adapter, the explorer will attempt to scan for nearby wireless networks. The Wireless submenu will show the results of the scan.