Instant discovery
Instant discovery is a streamlined discovery tool for building your DigiCert® Trust Lifecycle Manager inventory from multiple sources at once, including CT logs, cloud scanning, and linked CertCentral accounts. Available from the dashboard, instant discovery runs as a one-time scan with minimal setup.
Before you begin
To verify availability of the instant discovery feature, go to the Trust Lifecycle Manager Dashboard and look for the Instant discovery banner at the top of the page. For help verifying or enabling this feature, contact your DigiCert account representative.
Run instant discovery
To build your inventory using instant discovery:
In the Trust Lifecycle Manager menu, go to Dashboard.
In the instant discovery banner, select Run instant discovery.
Follow the prompts to configure instant discovery options. The specific options you see depend on your account setup and may include:
Select a business unit: By default, account resources created for instant discovery are assigned to the default business unit (BU). If your account doesn't have the default BU, you're prompted to choose a specific administrative BU to use and whether to apply this same BU to discovered certificates.
Import certificates from CertCentral: By default, instant discovery imports your existing certificates from DigiCert CertCentral®. If you already have three or more CertCentral connectors, you're prompted to choose the specific CertCentral accounts to import certificates from.
Select discovery methods: Select whether to discover certificates through the Certificate Transparency (CT) logs, cloud scanning, or both.
Public domains & IPs: Enter domain and IP targets to scan for certificates, or import them from a CSV file.
Domains you enter are used to find certificates in both the CT logs and cloud scans. IPs only apply to cloud scans.
Domains and IPs from your CertCentral accounts are automatically added to the list of targets if enabled for discovery.
To add more domains or IPs to the list of active targets, type them in the provided input and select Add.
Targets: The list of domains and IP targets to include for certificate discovery. To remove targets from the list, use one of the following options:
To remove a single target, select the trash icon on the right.
To remove multiple targets, use the checkboxes to select them, then select Delete selected.
To remove all targets, select Delete all.
Importante
All targets in the list are included for discovery, whether or not they're currently selected. The checkboxes are only used to select multiple listings for removal.
Organization names: The list of organizations to search for the CT logs discovery method. If this method is enabled, it looks for certificates with these names in the Organization (O) field.
Organizations from your CertCentral accounts are automatically included if enabled for discovery.
To add more organizations to the search, type them in the provided input.
Select Start discovery at the bottom to run instant discovery with the options you selected.
Track scan results
After submitting the instant discovery scan, progress and results are shown on the Inventory page:
The progress bar tracks scan completion percentage. Large scans can take a few minutes to complete.
The counters and inventory table below the progress bar show the number of certificates discovered. Select Refresh to force update partial results.
When instant discovery is complete, all discovered certificates are reflected in the counters and added to your Trust Lifecycle Manager inventory.
What's next
All certificates discovered through instant discovery are tagged with the Instant discovery tag. Use this tag to help monitor and manage the discovered certificates on an ongoing basis.