Discovery
Discovery enables automated identification of infrastructure components and privileged accounts across supported platforms, reducing manual onboarding effort and improving visibility into access dependencies. By discovering assets and accounts directly from their source environments, Discovery helps ensure that the Credential Vault accurately reflects the systems and identities that require privileged access management.
Discovery supports both visibility-only and import use cases. Depending on the discovery type and configuration, discovered objects can be reported for audit and review purposes or imported directly into the vault with appropriate relationships, memberships, and shadow links established automatically.
Benefits of Discovery
Using Discovery provides the following key benefits:
- Reduced onboarding effort: Automatically identify assets and privileged accounts instead of creating them manually.
- Improved accuracy and coverage: Discover objects directly from authoritative sources such as operating systems and Kubernetes APIs.
- Consistent asset relationships: Automatically establish container hierarchies, membership, and shadow relationships required for access, session management, and credential rotation.
- Repeatable and non-destructive execution: Discovery processes can be run multiple times without duplicating existing assets. Newly discovered objects are added, while existing objects and historical data are preserved.
- Audit and compliance readiness: Discovery reporting provides visibility into privileged access usage and generates job outputs and event logs for traceability.
Discovery Types
The platform supports multiple Discovery types, each focused on a specific technology or use case. The following Discovery capabilities are currently available:
Kubernetes Discovery
Kubernetes Discovery identifies namespaces, pods, and containers from a Kubernetes cluster and optionally imports them into the Credential Vault as managed assets. Imported Kubernetes objects are organized into a hierarchical container structure and linked to the parent Kubernetes asset using shadow access, enabling immediate connectivity and management.
Kubernetes Discovery is typically used to onboard containerized workloads and enable centralized access control for Kubernetes environments.
Privileged Account Discovery
Privileged Account Discovery identifies local and domain accounts used for administrative access, services, scheduled tasks, and application pools on Windows devices. Discovered accounts can be reported for visibility or imported into the vault and linked to their corresponding devices.
This discovery type complements other asset discovery integrations and helps organizations identify and manage privileged credentials that might otherwise remain unmanaged.
Review Privileged Account Discovery
Common Discovery Characteristics
Across all Discovery types:
- Discovery is executed using predefined scripts assigned to assets or asset types.
- Scripts can be run interactively or scheduled for periodic execution.
- Reporting and import modes may be available depending on the discovery type.
- Discovery preserves existing assets and relationships while adding newly discovered objects.
- Events and job results are logged for auditing and troubleshooting purposes.