Sometimes when applying rules to run on beacons it’s easy to forget that the beacon itself also needs an authorised rule, usually, you can see this in the discovery logs as the following-
Generating subnet ranges. 0 authorized ranges, 0 included |
This usually means that while the rule has been told to scan a set of IP addresses or hostnames none of them are authorised to access by the beacon as the subnets were not assigned to it.
This is a quick guide on how to do this-
First go to your FNMS ui-
Click through to the beacons page-
Click on the “edit pencil” on your beacon you wish to edit-
Now go to the subnets tab-
Once here, click on the search box but leave it empty. And then click search-
This will bring up all available subnets you are able to assign to this beacon, feel free to select some if available and select save-
If this list does not show the subnets you require you will need to set them up as new subnet ranges, to do this go to the subnets menu-
Click on the plus icon next to your chosen Site-
Then enter your subnet range with the included /
Set which beacon you want this assigned
And ensure its enabled,
Once verified be sure to click the Save Floppy Disk Icon.
Once done remember to re-download this beacon policy, closing and re-opening the beaconUI can do this.
I often use this website to calculate what ranges translate into what IPs so you may find it useful: https://www.calculator.net/ip-subnet-calculator.html
For example, in our example case listed above 123.123.123.123/24 includes:
Jun 30, 2020 08:25 AM