Sites

By default, your account includes a single organization, which itself contains a single site, named Primary. If the only site in an organization is deleted, a replacement will be created automatically. Similarly, if the last organization is removed, a replacement will be created. You can rename organizations and sites at any time.

Every organization has at least one site, but may have multiple sites. A site represents a distinct network segment, usually defined by addressing or accessibility. Sites in runZero do not necessarily correspond to physical sites or locations. Instead, they are used to represent distinct networks that may have overlapping address space. This allows for multiple sites to use the same RFC1918 space, something common in retail, while still being possible to differentiate their assets within the inventory.

Because sites represent separate networks, if you set up two sites and scan the same devices from both, you will end up with two copies of the resulting assets, one set for each site’s network.

All analysis actions within runZero occur at the site level. For example, reports such as the switch topology report analyze a single site’s devices, so you will likely want to avoid splitting routers and non-router assets into separate sites unless they are truly on separate disconnected networks.

Use cases for sites

For flat networks, where every IP address can reach any other address on the network, a single site is usually enough, and avoids the possibility of accidentally creating duplicate assets by scanning the same devices from multiple sites. Sites are recommended for complicated, sprawling, and highly-segmented environments.

Two circumstances that could lead to multiple sites:

  • Overlapping IP space: sites will allow you to differentiate identical IPs that are actually different machines if you have overlapping IP space.
  • Highly complex network: sites would not be required in this case, but they can be used as an organizational tool.

Creating sites

To create a new site, click the New Site button on the top of the sites page.

Site configurations

  • Name: The name of your site.
  • Description: The description can help identify the purpose of the site.
  • Default scan scope: The default scan scope will be pre-populated when creating scans for this site.
  • Default scan exclusions: The default scan exclusions will be pre-populated when creating scans for this site.
  • Registered subnets: Registered subnets can be used to automatically tag assets, services, screenshots, and software that fall within each subnet.

Subnet tagging

Tagging based on subnet works a little differently to directly tagging assets or tagging them via a task.

If a subnet is defined to have a specific tag, then only assets in that subnet will be given that tag. The tag will be removed from any assets not in the subnet, even if set by a task or set manually.

Importing and exporting sites

Site configurations can be created or updated based on a CSV file import. Import your CSV from the sites page. The CSV format should include the following:

name,description,scope,exclusion,subnet_ranges,subnet_tags,subnet_descriptions

Your site configurations can also be exported as a CSV from the sites page.

Sites and Explorers

Sites can be tied to specific Explorers, which can help limit traffic between low-bandwidth segments. The site configuration allows a default scan scope to be defined, along with an optional list of excluded scan scopes. These fields can be used to set the scan scope for scans of the site.

If you would like to tie an Explorer to a site, navigate to the Explorers page, click the Explorer you would like to tie to the site, and then click configure. After that, you will see a dropdown with your site options.

Updated