Your First Discovery

This guide walks you through running your first discovery job and understanding the results.

What is Discovery?

Discovery is the process of connecting to your infrastructure sources (AWS accounts, network devices, etc.) and building a graph of all resources and their relationships.

┌─────────────┐     ┌──────────────┐     ┌─────────────┐
│ AWS Account │     │  Infracast   │     │   Graph     │
│   API       │────▶│   Plugin     │────▶│   Database  │
└─────────────┘     └──────────────┘     └─────────────┘
        ▲                  │                    │
        │                  │                    ▼
        └──────────────────┘              ┌─────────────┐
              Credentials                 │  Topology   │
                                          │  Findings   │
                                          └─────────────┘

Step 1: Add a Credential

Before running discovery, you need credentials to access your infrastructure.

Navigate to Settings

Click Settings in the left sidebar
Select the Credentials tab

Add AWS Credentials (Example)

Click Add Credential and fill in:

Field	Value
Name	`aws-prod-readonly`
Provider	`AWS`
Auth Type	`IAM Role` or `Access Keys`
Role ARN	`arn:aws:iam::123456789012:role/InfracastReadOnly`

IAM Roles are Preferred

IAM roles with cross-account trust are more secure than access keys. They don't require rotating credentials and provide automatic temporary token refresh.

Test the Credential

Click Test Connection to verify Infracast can authenticate.

Step 2: Create a Discovery Job

Navigate to Jobs

Click Jobs in the left sidebar
Click New Discovery Job

Configure the Job

Field	Description
Credential	Select your credential
Regions	Choose regions to discover (e.g., `us-east-1`, `us-west-2`)
Resource Types	Leave blank for all, or specify (e.g., `ec2`, `vpc`, `rds`)
Schedule	One-time or recurring (cron expression)

Example Configuration

credential: aws-prod-readonly
regions:
  - us-east-1
  - us-west-2
  - eu-west-1
resource_types: []  # Empty = all supported types
schedule: "0 */6 * * *"  # Every 6 hours

Start the Job

Click Start Discovery to run immediately, or Schedule to set up recurring runs.

Step 3: Monitor Progress

Job Status

The job will progress through these stages:

Stage	Description	Typical Duration
`PENDING`	Queued for execution	< 1 second
`RUNNING`	Actively discovering	2-15 minutes
`COMPLETED`	Finished successfully	—
`FAILED`	Error occurred	—

View Logs

Click on the job to see detailed logs:

[2024-03-15 10:00:01] Starting AWS discovery for us-east-1
[2024-03-15 10:00:02] Discovering EC2 instances... found 47
[2024-03-15 10:00:05] Discovering VPCs... found 3
[2024-03-15 10:00:08] Discovering Security Groups... found 28
[2024-03-15 10:00:12] Discovering RDS instances... found 5
[2024-03-15 10:00:15] Building relationship edges... 156 edges
[2024-03-15 10:00:18] Discovery completed: 142 nodes, 156 edges

Step 4: Explore Results

Dashboard

After discovery completes, the Dashboard updates with:

Total node count by type
Nodes by provider (AWS, Azure, on-prem)
Recent discovery job history

Topology

Navigate to Topology to visualize your infrastructure:

Search for a resource (e.g., "prod-vpc")
Set depth to 2-3 to see related resources
Click nodes to view properties
Use Trace Path to check connectivity

Asset Explorer

The Assets page shows all discovered resources in a table:

Filter by type, provider, region, or tags
Click any row to see full node details
Export to CSV for reporting

Understanding the Graph

Node Types

Each discovered resource becomes a node with a type:

Provider	Example Types
AWS	`aws.ec2.instance`, `aws.ec2.vpc`, `aws.rds.instance`, `aws.s3.bucket`
Azure	`azure.compute.vm`, `azure.network.vnet`, `azure.storage.account`
Network	`cisco.device`, `paloalto.device`, `juniper.device`
AD	`ad.user`, `ad.group`, `ad.computer`, `ad.ou`

Edge Types

Relationships between nodes are edges:

Edge Type	Meaning
`contains`	Parent contains child (VPC contains subnet)
`attached_to`	Resource attached (instance → security group)
`routes_to`	Network route (subnet → internet gateway)
`member_of`	Membership (user → group)
`connects_to`	Network connection (app → database)

Incremental Discovery

Subsequent discovery runs are incremental:

New resources are added
Changed resources are updated
Deleted resources are marked stale after 7 days
Relationship edges are refreshed

Delta Detection

Infracast tracks resource versions. Only changed nodes trigger audit rule re-evaluation, keeping compliance checks efficient.

Scheduling Discovery

For continuous visibility, schedule recurring discovery:

Common Schedules

Schedule	Cron Expression	Use Case
Hourly	`0 * * * *`	High-change environments
Every 6 hours	`0 /6 * *`	Standard production
Daily	`0 2 * * *`	Stable environments
Weekly	`0 2 * * 0`	Compliance-only

Set Up Scheduling

Edit an existing job or create new
Enable Schedule
Enter cron expression
Save

What's Next?

Now that you have infrastructure data:

Run a Compliance Audit — Check against NIST, CIS, etc.
Add More Sources — Connect network devices, AD, other clouds
Set Up Integrations — Send findings to Jira, Slack, ServiceNow
Install Agents — Get visibility into workstations and servers

What is Discovery?​

Step 1: Add a Credential​

Navigate to Settings​

Add AWS Credentials (Example)​

Test the Credential​

Step 2: Create a Discovery Job​

Navigate to Jobs​

Configure the Job​

Example Configuration​

Start the Job​

Step 3: Monitor Progress​

Job Status​

View Logs​

Step 4: Explore Results​

Dashboard​

Topology​

Asset Explorer​

Understanding the Graph​

Node Types​

Edge Types​

Incremental Discovery​

Scheduling Discovery​

Common Schedules​

Set Up Scheduling​

What's Next?​