Defining the Active Directory/IP Address Scope and Query

When querying for the first time, define the Active Directory/IP address scope, which includes Active Directory objects and IP addresses that the Apex One server will query on demand or periodically. After defining the scope, start the query process.

Note:

To define an Active Directory scope, Apex One must first be integrated with Active Directory. For details about the integration, see Active Directory Integration.

  1. Go to Assessment > Unmanaged Endpoints.
  2. On the Active Directory/IP Address Scope section, click Define Scope.

    A new screen opens.

  3. To define an Active Directory scope:
    1. Go to the Active Directory Scope section.
    2. Select Use on-demand assessment to perform real-time queries and get more accurate results. Disabling this option causes Apex One to query the database instead of each Security Agent. Querying only the database can be quicker but is less accurate.
    3. Select the objects to query. If querying for the first time, select an object with fewer than 1,000 accounts and record how long the query takes to complete. Use this figure as your performance benchmark before querying larger objects.
  4. To define an IP address scope:
    1. Go to the IP Address Scope section.
    2. Select Enable IP Address Scope.
    3. Specify an IP address range. Click the plus or minus button to add or delete IP address ranges.
    • For a pure IPv4 Apex One server, type an IPv4 address range.

    • For a pure IPv6 Apex One server, type an IPv6 prefix and length.

    • For a dual-stack Apex One server, type an IPv4 address range and/or IPv6 prefix and length.

      An IPv6 range can span at most 16 bits of address space (65,536 addresses), the same limit that applies to IPv4 address ranges. The prefix length must therefore be between 112 and 128. The number of addresses covered by a prefix of length n is 2^(128 - n).

      Table 1. Prefix Lengths and Number of IPv6 Addresses

      Length    Number of IPv6 Addresses
      128       1
      124       16
      120       256
      116       4,096
      112       65,536

  5. Under Advanced Setting, specify the ports that Apex One servers use to communicate with agents.

    To view the communication port used by the Apex One server, go to Agents > Agent Management and select a domain. The port displays next to the IP address column. Trend Micro recommends keeping a record of port numbers for your reference.

    1. Click Specify ports.
    2. Type the port number and click Add. Repeat this step until you have all the port numbers you want to add.
    3. Click Save.
  6. To check endpoint connectivity using a particular port number, select Declare an endpoint unreachable by checking port <x>. If a connection to that port cannot be established, Apex One immediately treats the endpoint as unreachable. The default port number is 135.

    Enabling this setting speeds up the query. When connection to endpoints cannot be established, the Apex One server no longer needs to perform all the other connection verification tasks before treating endpoints as unreachable.

  7. To save the scope and start the query, click Save and re-assess. To save the settings only, click Save only.

    The Outside Server Management screen displays the result of the query.

    Note:

    The query may take a long time to complete, especially if the query scope is broad. Do not perform another query until the Outside Server Management screen displays the result. Otherwise, the current query session terminates and the query process restarts.
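The following script is an added example, not Trend Micro code, for sanity-checking a planned scope before entering it in the console. It applies the limits stated above (an IPv4 range or an IPv6 prefix of length 112 to 128, so at most 65,536 addresses per entry), reports the total number of addresses a scope would cover (useful for judging how long the query may take), and mirrors the port-check short-circuit from step 6: a failed TCP connection to port 135 marks the endpoint unreachable at once. How Apex One verifies endpoints that do pass the port check is not described on this page, so the script only labels them "reachable". The function names, the `connect` callback and the sample addresses are constructed for this example; the probe is injectable so the logic can be exercised offline without touching a network.

```python
"""Pre-validate an Apex One Unmanaged Endpoints scope and rehearse the port-135 reachability check.

Added example, not Trend Micro code. Assumptions: the scope rules are those stated on this page
(IPv4 range or IPv6 prefix of length 112-128, i.e. at most 65,536 addresses per entry) and the
probe mirrors the "Declare an endpoint unreachable by checking port 135" option. All helper
names and sample addresses are constructed for this example.
"""
import ipaddress
import socket
from typing import Callable, Dict, Iterable, Iterator, Tuple, Union

MAX_RANGE_BITS = 16                      # page: a range may span at most 16 bits of address space
MAX_ADDRESSES = 1 << MAX_RANGE_BITS      # 65,536 addresses
MIN_IPV6_PREFIX = 128 - MAX_RANGE_BITS   # 112
DEFAULT_CHECK_PORT = 135                 # page: default port for the reachability short-circuit

Address = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


def ipv6_prefix_address_count(length: int) -> int:
    """Addresses covered by an IPv6 prefix of the given length: 2^(128 - length)."""
    if not MIN_IPV6_PREFIX <= length <= 128:
        raise ValueError(f"prefix length must be between {MIN_IPV6_PREFIX} and 128, got {length}")
    return 1 << (128 - length)


def parse_scope_entry(text: str) -> Tuple[Address, Address]:
    """Parse one scope entry into (first, last) address.

    Accepts an IPv6 prefix 'prefix/length', an IPv4 range 'start-end', or a single IPv4 address.
    Raises ValueError when the entry would exceed the 16-bit limit the page states.
    """
    text = text.strip()
    if "/" in text:
        net = ipaddress.IPv6Network(text, strict=False)
        ipv6_prefix_address_count(net.prefixlen)       # rejects lengths outside 112..128
        return net[0], net[-1]
    start_s, _, end_s = text.partition("-")
    start = ipaddress.IPv4Address(start_s.strip())
    end = ipaddress.IPv4Address(end_s.strip()) if end_s else start
    if end < start:
        raise ValueError(f"range end {end} precedes start {start}")
    if int(end) - int(start) + 1 > MAX_ADDRESSES:
        raise ValueError(f"range {text} exceeds {MAX_ADDRESSES} addresses")
    return start, end


def scope_errors(entries: Iterable[str]) -> Dict[str, str]:
    """Map each invalid scope entry to the reason it was rejected (empty dict means all valid)."""
    errors: Dict[str, str] = {}
    for entry in entries:
        try:
            parse_scope_entry(entry)
        except ValueError as exc:
            errors[entry] = str(exc)
    return errors


def scope_address_count(entries: Iterable[str]) -> int:
    """Total number of addresses the scope would cover; a rough proxy for query duration."""
    return sum(int(last) - int(first) + 1 for first, last in map(parse_scope_entry, entries))


def iter_addresses(first: Address, last: Address) -> Iterator[Address]:
    cls = type(first)
    for n in range(int(first), int(last) + 1):
        yield cls(n)


def tcp_connect(address: Address, port: int, timeout: float = 1.0) -> bool:
    """Real probe: True if a TCP connection to address:port succeeds within the timeout."""
    try:
        with socket.create_connection((str(address), port), timeout=timeout):
            return True
    except OSError:
        return False


def classify_endpoints(entries: Iterable[str],
                       connect: Callable[[Address, int], bool] = tcp_connect,
                       port: int = DEFAULT_CHECK_PORT) -> Dict[str, str]:
    """Apply the page's short-circuit: a failed connect to `port` marks the endpoint unreachable
    immediately, with no further verification. Endpoints that pass are labelled 'reachable'
    (Apex One would go on to its other verification tasks for these)."""
    result: Dict[str, str] = {}
    for entry in entries:
        first, last = parse_scope_entry(entry)
        for addr in iter_addresses(first, last):
            result[str(addr)] = "reachable" if connect(addr, port) else "unreachable"
    return result


if __name__ == "__main__":
    planned = ["192.168.1.1-192.168.1.254", "2001:db8::/120", "2001:db8::/64"]   # constructed
    print("invalid entries:", scope_errors(planned))
    valid = [e for e in planned if e not in scope_errors(planned)]
    print("addresses in scope:", scope_address_count(valid))

    # Offline rehearsal with a simulated probe; pass connect=tcp_connect to probe for real.
    def simulated_connect(addr: Address, port: int) -> bool:
        return port == DEFAULT_CHECK_PORT and str(addr) in {"192.168.1.10", "2001:db8::1"}

    for addr, state in classify_endpoints(["192.168.1.10-192.168.1.12", "2001:db8::/127"],
                                          connect=simulated_connect).items():
        print(f"{addr:20} {state}")
```

Run it with a broad range and `connect=tcp_connect` only from a host that is allowed to probe the network; each unreachable address costs one timeout, which is exactly why enabling the port check in the console speeds up the query.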