How to choose a Segment type
Choose the Segment type before you create a Segment. The type determines what AlloyScan discovers, which credentials it asks for, and which Inventory sections receive the results.
Segment types
AlloyScan supports five Segment types:
| Type | Use it for | Status |
|---|---|---|
| Address list | IP ranges, subnets, DNS names, or NetBIOS names inside a reachable network | Available |
| Domain | Active Directory domain computers | Available |
| AWS | AWS cloud resources | Preview |
| Azure | Azure cloud resources | Preview |
| Google Cloud resources | Preview |
Choose Address list
Use an Address list Segment when you know the network addresses you want AlloyScan to scan.
Good examples:
- a subnet such as a server VLAN
- a list of IP ranges
- a group of named hosts
- SNMP devices such as printers and switches
- mixed targets where the Audit Service can reach the devices directly
Address list Segments can use Windows, Linux and macOS, Hypervisor, or SNMP credentials, depending on the targets.
Choose Domain
Use a Domain Segment when the targets are Active Directory domain members.
Choose this type when:
- the Audit Service host is in the same Active Directory domain as the targets
- a Windows credential can enumerate computer objects in the domain
- you want AlloyScan to discover domain computers without entering address ranges manually
For cross-domain or workgroup machines, use Audit Agents instead of relying on a Domain Segment.
Choose AWS, Azure, or Google
Use a cloud Segment when you want AlloyScan to discover and audit resources from a cloud provider account, subscription, or project.
| Cloud type | Typical credential | Inventory result |
|---|---|---|
| AWS | AWS access key and secret, or IAM role | AWS Inventory sections such as EC2 instances, AMIs, Subnets, VPCs, S3 buckets, RDS, load balancers, security groups, key pairs, and network interfaces |
| Azure | Tenant ID, Client ID, Client secret | Azure Inventory sections such as virtual machines, application gateways, load balancers, network interfaces, public IPs, resource groups, subscriptions, virtual networks, volumes, and security groups |
| Project ID, client email, private key, or JSON key file | Google Inventory sections such as VM instances, images, load balancers, public IPs, security groups, subnets, VPCs, volumes, and Bigtable resources |
Cloud Segments are marked Preview. Resource coverage and wizard fields can change between releases.
Decision checklist
Before creating the Segment, confirm:
- The Segment type matches the target source.
- An active Audit Service is available for agentless or cloud scan execution.
- The matching credential type exists in the Audit Service's credential pool.
- Required ports or cloud API access are available.
- You know whether the Segment should have a scan schedule.
- You know whether newly discovered devices should be audited automatically.
- You know whether an Auto tag should be applied to devices discovered by this Segment.