Discovery

This section details how to configure Discovery campaigns. An EverTrust Horizon Discovery campaign will contain all certificates discovered on a specific scope.

A discovered certificate can be:

  • An unknown certificate.
    > All certificate information will be stored and this certificate will appear as an ' unmanaged ' certificate.

  • An already discovered certificate (due to another Discovery campaign).
    > Discovery campaign metadata will be added to the existing certificate.

  • A managed certificate.
    > Discovery campaign metadata will be added to the existing certificate.

How to create a Discovery Campaign

1. Log in to Horizon Administration Interface.

2. Access Discovery from the drawer or card: Discovery.

3. Click on Add.

4. Fill in all mandatory fields.

General tab

  • Campaign name* (string input):
    Enter a meaningful Discovery campaign name.

  • Description (string input):
    Enter Discovery campaign description.

  • Enable (boolean):
    Enable/Disable this Discovery campaign.

  • Grading policy (select):
    The grading policy to apply to every discovered certificate on this campaign.

  • Search (select):
    Select an authorization level to search this Discovery campaign.

  • Feed (select):
    Select an authorization level to feed this Discovery campaign.

Authorization schema

  • Log event on success* (boolean):
    Enable/Disable discovery event on success.

  • Log event on failure* (boolean):
    Enable/Disable discovery event on failure.

  • Log event on warning* (boolean):
    Enable/Disable discovery event on warning.

Host tab

  • Hosts (string input or int):
    Specify the target to scan. Can be hostname(s), IP address(es), IP range or CIDR address(es). It is possible to add several hostnames separated by commas.

Port tab

  • Ports (string input or int):
    Enter the port(s) to scan on hosts. It is possible to add several ports separated by commas or to add a port range separated by an hyphen (ex: 1-1000 to go from 1 to 1000). If no ports are specified, ports 25, 443, 663, 8443 are scanned by the Horizon Client.

Hosts and ports should only be set if you intend to perform a network scan using horizon-cli in order to discover the certificates. These parameters are ignored in all other discovery modes (local scan, third party import).

6. Click on the save button.

You can edit Edit Discovery, flush Flush Discovery or delete Delete Discovery the Discovery.

How to flush a Discovery Campaign

Flushing a Discovery campaign is the action to remove Discovery campaign reference from all discovered certificates.

There are three different cases:

  • If the certificate is not managed by Horizon (only discovered by a Discovery campaign) AND only referenced by the campaign you are willing to flush → The certificate will be removed from the Horizon database.

  • If the certificate is not managed by Horizon but is referenced by at least another Discovery campaign → The certificate will NOT be removed from the database and only the Discovery metadata will be removed from the certificate.

  • If the certificate is managed by Horizon → Only the Discovery metadata will be removed from the certificate.

1. Log in to Horizon Administration Interface.

2. Access Discovery from the drawer or card: Discovery.

3. Click on Flush Discovery.

4. Click on the Confirm button to perform the flush.