User Guide

How to choose a Segment type

Choose the Segment type before you create a Segment. The type determines what AlloyScan discovers, which credentials it asks for, and which Inventory sections receive the results.

Segment types

AlloyScan supports seven Segment types:

Type Use it for Status
Address list IP ranges, subnets, DNS names, or NetBIOS names inside a reachable network Available
Domain Active Directory domain computers Available
AWS AWS cloud resources Preview
Azure Azure cloud resources Preview
Google Cloud Platform Google Cloud Platform resources Preview
Google Directory ChromeOS and Chromebook devices managed through Google Admin Directory Preview
Jamf macOS computers, iPhone / iPad devices, and other Apple mobile devices managed through Jamf Pro Preview

Choose Address list

Use an Address list Segment when you know the network addresses you want AlloyScan to scan.

Good examples:

  • a subnet such as a server VLAN
  • a list of IP ranges
  • a group of named hosts
  • SNMP devices such as printers and switches
  • mixed targets where the Audit Service can reach the devices directly

Address list Segments can use Windows, Linux and macOS, Hypervisor, or SNMP credentials, depending on the targets.

Choose Domain

Use a Domain Segment when the targets are Active Directory domain members.

Choose this type when:

  • the Audit Service host is in the same Active Directory domain as the targets
  • a Windows credential can enumerate computer objects in the domain
  • you want AlloyScan to discover domain computers without entering address ranges manually

For cross-domain or workgroup machines, use Audit Agents instead of relying on a Domain Segment.

Choose AWS, Azure, Google Cloud Platform, Google Directory, or Jamf

Use a cloud Segment when you want AlloyScan to discover and audit resources from a cloud provider account, subscription, or project. Use Google Directory when you want Chromebook inventory through Google Admin Directory instead of Google Cloud Platform resources. Use Jamf when you want Apple device inventory through Jamf Pro.

Cloud type Typical credential Inventory result
AWS AWS access key and secret, or IAM role AWS Inventory sections such as EC2 instances, AMIs, Subnets, VPCs, S3 buckets, RDS, load balancers, security groups, key pairs, and network interfaces
Azure Tenant ID, Client ID, Client secret Azure Inventory sections such as virtual machines, application gateways, load balancers, network interfaces, public IPs, resource groups, subscriptions, virtual networks, volumes, and security groups
Google Cloud Platform Project ID, client email, private key, or JSON key file Google Inventory sections such as VM instances, images, load balancers, public IPs, security groups, subnets, VPCs, volumes, and Bigtable resources
Google Directory Client email, private key, delegated admin email, optional customer ID Chromebook Inventory sections such as ChromeOS devices, device versions, enrollment data, and recent-user information
Jamf Jamf Pro server root URL, login, password Apple Inventory sections such as macOS computers, iPhone / iPad devices, and other Apple mobile devices

Decision checklist

Before creating the Segment, confirm:

  1. The Segment type matches the target source.
  2. An active Audit Service is available for agentless or cloud scan execution.
  3. The matching credential type exists in the Audit Service's credential pool.
  4. Required ports or cloud API access are available.
  5. You know whether the Segment should have a scan schedule.
  6. You know whether newly discovered devices should be audited automatically.
  7. You know whether an Auto tag should be applied to devices discovered by this Segment.