Discovery using Commander
Performing resource discovery through Keeper Commander CLI
Overview
In this guide, you will learn how to discover resources within your target infrastructure using Discovery with Keeper Commander.
Prerequisites
Prior to using Discovery on Commander, make sure to review the Discovery Basics documentation.
Starting Commander
Log in to the Keeper Commander CLI using the keeper shell command.
$ keeper shell
List the Gateways
Run the pam gateway list (or pam g l) command to list all gateways.
My Vault> pam gateway list
KSM Application Name (UID) Gateway Name Gateway UID Status
-------------------------------------------------------------------------
AWS Rotation Canada AWS ce_Gg4jGS2a1ywiMo61Sow ONLINE
Azure AD Azure useast1 j-xC9HwOQEKCfVsdyfdeLg ONLINE
KeeperPAM US-WEST-1 US-WEST-1 QPkRsR8KQmf_4vnHTcofZA ONLINE
Windows Domain lureydemo.local rB8bR3drQrqPErKDzbKl9g ONLINE
My Vault>
The Gateway UID is required to start the discovery process.
Start Discovery Job
Run the pam action discover start command to start a discovery job. The Gateway UID must be provided with the -g option.
pam action discover start -g QPkRsR8KQmf_4vnHTcofZA
View Status of Discovery Job
View the status of the active discovery job with pam action discover status:
My Vault> pam action discover status
Job ID Gateway Name Gateway UID Status
============== =============== ====================== ============
JOBGQyK8PQYlhc KeeperPAM GW1 QPkRsR8KQmf_4vnHTcofZA COMPLETE
There is one COMPLETED job. To process, use the following command.
pam action discover process -j JOBsR5G0VQBVV0
After a discovery job is complete, the detailed status information can be viewed by running:
pam action discover status -j JOBsR5G0VQBVV0
Proceed to the next step once the Discovery job's status is COMPLETE. Depending on how big your environment is, this may take a few minutes.
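The following Python example is added here and is not part of Keeper Commander or the original guide: it parses captured pam action discover status output and builds the process command only for jobs that are COMPLETE on the gateway discovery was started on. The JOB-prefixed ID pattern and the 22-character UID pattern are assumptions inferred from the values shown on this page, and the second sample row is constructed.

```python
import re

# Assumptions inferred from the values shown on this page, not from Keeper documentation.
JOB_ID = re.compile(r"^JOB[A-Za-z0-9_-]+$")
GATEWAY_UID = re.compile(r"^[A-Za-z0-9_-]{22}$")  # 22 URL-safe base64 characters

# Sample input: first job row is the one shown above; the second row is constructed.
SAMPLE_STATUS = """\
My Vault> pam action discover status
Job ID         Gateway Name    Gateway UID            Status
============== =============== ====================== ============
JOBGQyK8PQYlhc KeeperPAM GW1   QPkRsR8KQmf_4vnHTcofZA COMPLETE
JOBconstructed Azure useast1   j-xC9HwOQEKCfVsdyfdeLg NOT_COMPLETE_SAMPLE
There is one COMPLETED job. To process, use the following command.
"""

def parse_status(text):
    """Return (job_id, gateway_name, gateway_uid, status) for each job row."""
    rows = []
    for line in text.splitlines():
        tokens = line.split()
        # A job row needs a job ID, at least one name word, a UID and a status.
        if len(tokens) < 4 or not JOB_ID.match(tokens[0]):
            continue  # header, separator, prompt or summary line
        # Gateway names may contain spaces, so read the UID and status from the right.
        job_id, uid, status = tokens[0], tokens[-2], tokens[-1]
        if not GATEWAY_UID.match(uid):
            continue  # unexpected layout: skip the row rather than guess
        rows.append((job_id, " ".join(tokens[1:-2]), uid, status))
    return rows

def process_commands(text, gateway_uid):
    """Build process commands for COMPLETE jobs that ran on the given gateway."""
    if not GATEWAY_UID.match(gateway_uid):
        raise ValueError("gateway UID does not match the expected format")
    return [
        f"pam action discover process -j {job_id}"
        for job_id, _name, uid, status in parse_status(text)
        if uid == gateway_uid and status == "COMPLETE"
    ]

if __name__ == "__main__":
    for command in process_commands(SAMPLE_STATUS, "QPkRsR8KQmf_4vnHTcofZA"):
        print(command)
```
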
Process the Discovery Results
Once the discovery job is completed, you can process the findings with the provided Job ID.
pam action discover process -j JOBsR5G0VQBVV0
An interactive CLI session will start where you will be shown information on discovered assets and will be able to provision them as PAM Record types in your vault.
My Vault> pam action discover process -j JOBsR5G0VQBVV0
AWS EC2, us-west-1, Gateway3 - RHEL8, 10.0.0.139
Record Title: Aws AWS-US-WEST-1, EC2 us-west-1 Gateway3 - RHEL8
Label: pamHostname, Type: pamHostname, Value: Hostname: 10.0.0.139, Port: 22
Label: operatingSystem, Type: text, Value: linux
Label: sslVerification, Type: checkbox, Value: False
Label: instanceName, Type: text, Value: Gateway3 - RHEL8
Label: instanceId, Type: text, Value: i-0319d6e8703875706
Label: providerGroup, Type: text, Value: None
Label: providerRegion, Type: text, Value: us-west-1
[2/2] (E)dit, (A)dd to Resources, Add to (F)older, (S)kip, (I)gnore, (Q)uit> A
Adding record to save queue.
During the Discovery process, you may be prompted to provide a PAM User record or create one on the fly to associate administrative credentials with the target resource.
Once the initial process is complete and administrative credentials have been supplied, you can run another Discovery job. This subsequent job leverages the provided credentials to delve deeper into the target resources, identifying local user accounts, services, and scheduled tasks.
Exploring Commander Capabilities
Keeper Commander provides many advanced capabilities for managing gateways, configurations, rotations and discovery. See the KeeperPAM Commands for a list of all available options.