Thank you for choosing Block 64’s rapid discovery technology to assist with your project!
What is the Block 64 Discovery Application?
Block 64’s Discovery Application gathers data about your environment to assist you in uncovering risk, opportunities to optimize, and chances to reduce unnecessary expenditures.
The Data We Gather
- Network: By scanning your internal subnets, we can detect all devices on the network and store their IP addresses.
- Hardware: Manufacturer and model information is recorded, as well as hardware-specific details like CPU and RAM.
- Software: From general installed software records to database instances, we collect as much as we can without accessing personal data.
- Active Directory: By pulling user and device data from Active Directory, we can gain useful analytical insights as well as have a reference for discovery progress.
- Virtual Infrastructure: Collecting virtual management, host, and guest relationships is relevant to cloud readiness and server optimization activities.
- Usage and Performance Data: Activity metering and resource utilization are valuable in assessing your cloud readiness and uncovering optimization opportunities.
Our application is designed to be a simple and quick method of gathering discovery data, in scenarios where a simple snapshot is required or virtual architecture is not available to deploy our flagship virtual appliance. We have compiled a Security FAQ that is available on our website.
Who will have access to my data?
How much of my time will this take?
Truly, very little. The setup of the application takes 10 minutes or less. Once the proper network scope and service accounts are input, the rest is handled by the tool – just leave it running, and let it do its thing. If you need a hand, just contact us at our help center. We’ve worked hard to make this easy!
Operating System and Hardware Requirements
- Minimum: Windows 7 64-bit SP1 or Windows 2008 R2 SP1 (or newer), 8GB of available RAM, CPU w/ 4 cores
If possible, we recommend installing the Block 64 Discovery Application on a non-mission-critical endpoint. For example, do not install it on a Domain Controller, SQL Server, etc. This avoids the unlikely scenario of interruptions or slower server response times due to increased workload.
Outbound internet connectivity is required to authenticate the application with our cloud services. Ensure that the machine is able to connect to combine.block64.com.
More information on the minimum system and hardware requirements can be found here.
Downloading the Application and Activation Codes
The download link and activation codes will be sent to your inbox by e-mail, so ensure that email@example.com has been added to your whitelist, or add the block64.com domain in its entirety.
You’ll want to have on hand:
- Network: All internal networks in scope; CIDR notation or single IP addresses by line or .txt file
- Active Directory: A domain controller per domain in scope; IP address or FQDN formats are accepted
- Windows Inventory: A service account that has the following 3 levels of access will accomplish inventory:
  - Access to C$ (Example: \\10.0.0.50\ADMIN$\... or \\192.168.2.5\ADMIN$\...)
  - The ability to run NET RPC / Remote Registry (Collection of Software/Hardware data)
  - Remote WMI (Read-Only Polling of CPU, RAM Usage & Disk IOPS)
- Virtual Infrastructure: Read-only administrator credentials for each vCenter Server in scope.
- Linux Inventory: A local or domain credential with access to files in /proc/. Superuser rights are preferred for accurate data collection but are not required.
- Microsoft 365 & Azure API data:
  - Microsoft 365: Your global administrator account, for authentication of our application, to gather read-only Office 365 data such as your Secure Score, Usage and Activation data.
  - Azure: Your Azure administration account, to gather Azure Advisor and Virtual Machine data.
- Cloud-hosted Endpoint Inventory: A local administrative or service account for each endpoint that has access to the protocols required for full inventory (WMI, SMB, RPC).
The Network Ports We Leverage
A question we often get leading up to deployment or during troubleshooting is: what ports will your inventory and other processes be leveraging on my network? We have a complete list below – but some good news is that these ports are very rarely – if ever – blocked. Here is the complete list of ports we presently leverage for inventory purposes:
- TCP 135, 1025-5000 and 49152-65535 (WMI)
- TCP 445 (SMB – RPC)
- TCP 1025 (Alternate Netbios)
- TCP 465 (SSL-Encrypted Email)
- TCP 139 (NetBIOS)
- UDP 137 (NetBIOS)
Active Directory Data:
- TCP 389 (LDAP)
- TCP 636 (LDAPS)
External Data Feeds:
- HTTP 80 (External Data Feeds)
- HTTPS/SSL 443 (External Data Feeds + Updates/Patches + External Data/Debug Transfer)
- TCP 22 (SSH) (OSX + POSIX-Compliant Inventory + CLI access)
We have created instructions to create and apply a GPO that allows for inventory in a Windows Defender environment available here. A whitelisting guide for third-party security software can be found here.
*Please note that we require a rule to be created for endpoints that allows inbound connectivity from the host machine only.
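
One way to express that host-only inbound rule on a Windows endpoint, as an added example that is not Block 64's own GPO or script: it opens the Windows inventory ports from the list above (135, the RPC ranges, 445, 139, UDP 137) to a single remote address and then audits the result. `$ScannerIp` and the rule group name are assumptions to replace with your own values.

```powershell
# Added example: scope Windows Firewall inbound rules to the discovery host only.
# $ScannerIp is a placeholder for the address of the machine running the
# discovery application; the group name is hypothetical.
param(
    [Parameter(Mandatory)] [string] $ScannerIp,
    [string] $RuleGroup = 'Discovery inventory (example)'
)

# Inbound Windows-inventory ports taken from the port list above.
$rules = @(
    @{ Name = 'RPC endpoint mapper (WMI)'; Protocol = 'TCP'; Ports = '135' }
    @{ Name = 'RPC dynamic ports (WMI)';   Protocol = 'TCP'; Ports = '1025-5000', '49152-65535' }
    @{ Name = 'SMB';                       Protocol = 'TCP'; Ports = '445' }
    @{ Name = 'NetBIOS session';           Protocol = 'TCP'; Ports = '139' }
    @{ Name = 'NetBIOS name service';      Protocol = 'UDP'; Ports = '137' }
)

foreach ($r in $rules) {
    $display = "$RuleGroup - $($r.Name)"
    # Remove a previous copy so re-running the script does not stack duplicates.
    Get-NetFirewallRule -DisplayName $display -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
    # -RemoteAddress is what limits the rule to the discovery host;
    # without it the ports would be open to every peer on the profile.
    New-NetFirewallRule -DisplayName $display -Group $RuleGroup `
        -Direction Inbound -Action Allow -Profile Domain `
        -Protocol $r.Protocol -LocalPort $r.Ports `
        -RemoteAddress $ScannerIp | Out-Null
}

# Audit: report each rule in the group and whether its remote scope is
# exactly the discovery host (anything wider shows ScopedOnly = False).
Get-NetFirewallRule -Group $RuleGroup | ForEach-Object {
    $addr = @(($_ | Get-NetFirewallAddressFilter).RemoteAddress)
    [pscustomobject]@{
        Rule       = $_.DisplayName
        Remote     = $addr -join ','
        ScopedOnly = ($addr.Count -eq 1 -and $addr[0] -eq $ScannerIp)
    }
} | Format-Table -AutoSize
```

Run it from an elevated session; the NetSecurity cmdlets used here require Windows 8 / Server 2012 or later, so older endpoints need the equivalent rule set through Group Policy instead.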