About Discovery and Audit
AlloyScan builds and maintains your IT inventory through two related processes: Discovery (also called Scan) and Audit. Together they answer two distinct questions about your network — what is out there? and what is each thing made of?
How discovery and audit work
Discovery is the lightweight first phase. AlloyScan reaches into a defined portion of your network — a Segment — and identifies devices by their basic identity attributes: NetBIOS name, DNS name, MAC address, IP address, and operating system family. The output is a list of devices that exist in scope, with just enough information to decide whether each one should be examined more deeply.
Audit is the detailed second phase. For each device you choose to audit, AlloyScan collects full hardware, software, configuration, and security state — installed programs and versions, processors, memory modules, network adapters, services, user accounts, security posture, and more. Audit data flows from an Audit Service or an Audit Agent back into the Inventory, where it powers per-device forms, the Software catalog, Reports, and the Dashboard.
You drive both processes through a few core concepts:
- A Segment defines a portion of your network and its discovery method (an address list, an Active Directory domain, or a cloud account).
- An Audit Service is a Windows-hosted component that performs agentless discovery and audit inside your network.
- An Audit Agent is installed on an endpoint that needs to be audited from outside your network.
- A Credential is a stored secret used by an Audit Service to authenticate to a target device.
- An Inventory is the per-site collection of audited devices and their snapshots.
Audit methods
AlloyScan supports both agentless and agent-based audits. You can use either method on its own or combine them in the same Site; both methods feed the same Inventory model.
Agentless audit uses an Audit Service installed on a Windows computer in the customer network. The service discovers devices in Segments, authenticates with stored Credentials, collects inventory data from supported computers, network devices, hypervisors, and cloud resources, and sends audit data and logs to AlloyScan over HTTPS. This method does not require installing an agent on every target, but the required ports and protocols must be available inside the Segment.
Agent-based audit uses an Audit Agent installed on each Windows, macOS, or Linux computer you want to track. The agent collects hardware and software inventory data locally and sends it to AlloyScan over outbound HTTPS port 443. Use this method for remote or offsite computers that have internet access but are not reachable by an Audit Service.
Segment types at a glance
AlloyScan supports five Segment types:
| Type | Use it for | Status |
|---|---|---|
| Address list | IP ranges, subnets, DNS names, NetBIOS names, and mixed network targets | Available |
| Domain | Active Directory domain computers | Available |
| AWS | AWS cloud resources | Preview |
| Azure | Azure cloud resources | Preview |
| Google Cloud resources | Preview |
Cloud Segments write results into the matching cloud sections of Inventory after a successful scan and audit. Because the cloud types are in Preview, verify provider-specific wizard fields and resource coverage on the target deployment.
Why two phases
Splitting discovery from audit lets you spend audit effort intentionally. Discovery is cheap and broad — running a Scan does not consume your monthly audit quota. Audit is more expensive: it consumes against the Audits per month limit, generates detailed snapshots, and triggers Change tracking. A typical operator pattern is to discover everything in scope, place noise out of scope using the Ignore list, then audit only the devices that matter.
If you want discovery and detailed collection to happen in one flow, enable Automatically audit discovered devices in the Segment settings. This is useful for transient or short-lived devices, but it also means every discovered device that is audited consumes audit quota.
Key distinctions
- Scan discovers existence and basic identity. Audit collects detailed state.
- Audit Service runs inside your network and audits many devices agentlessly. Audit Agent runs on a single endpoint and pushes audit data over outbound HTTPS.
- Scan schedule runs against a Segment (many devices). Audit schedule runs against a single device (at most one schedule per device).
- A Segment without an assigned Audit Service can still display devices found by previous scans, but cannot run new scans or audits.
- Agentless covers computers, network devices, hypervisors, and supported cloud resources. Agent-based covers computers that can run the Audit Agent.
Limitations
- AlloyScan does not push patches, deploy software, or perform vulnerability scanning. It records observed state.
- Cloud Segments (AWS, Azure, Google) are in Preview and subject to change.
- Mobile device audit (iOS, Android) is not implemented.
- Manual device add is not implemented — devices must be discovered.
- Windows targets must be in the same Active Directory domain as the Audit Service host for agentless scan; cross-domain or workgroup targets require an Audit Agent.