Directory Node

Node scans typically display all categories of configuration items, including 'Groups', 'Packages', 'Users', and more. However, Guardian can also generate a more focused view of your files and directories, for both Windows and Linux node types, when you add them as a directory node. This allows you to specify the files and directories to scan. For example, if you had a web app hosted at /path/webappA and you wanted to compare it to /path/webappB on the same web server node, you could add both directories to the same node and track configuration differences using file differencing. For more information, see File Differencing.

Note: Guardian supports both Linux and Windows directory node types.

Once a Connection Manager has been set up, you can add directory nodes for Agentless scanning. The following topic describes how to add a directory node to your instance for monitoring.

Add a Linux Directory Node

A Linux directory node allows you to scan files and directories and monitor changes on your node(s) over time, enabling File Differencing.

Warning: The following process assumes that you already have a Linux Connection Manager configured within your Guardian instance. For more information, see Linux Connection Manager.

To add a Linux directory node for Agentless scanning, complete the following steps:

  1. In the Guardian web application, navigate to the Add Nodes tab (Inventory > Add Nodes). The Add Nodes page is displayed.

  2. Select the 'Linux Directory' node type and click the Go Agentless button to proceed. The Connect Agentlessly to Linux Directory page is displayed.

  3. Here, complete the following options:

    Option

    Description

    Connection Manager group drop-down list

    The Connection Manager group that is responsible for scanning your Linux directory node. Select a Connection Manager group from the drop-down list.

    Node Name field

    The name of the node. The value you enter here will be used as the display name in Guardian.

    Hostname / IP Address field

    The hostname of your node. Provide the address to connect to for Agentless scanning via the Linux Connection Manager.

    Note: Typically, this is the fully qualified domain name (FQDN). However, it could also be the IP address.

    Directory path field

    The absolute path to the file or folder that you want to be scanned. For example, /etc/**/*.conf.

    Tip: For more information on the different syntax and rules you can use here, see Syntax Rules.

    This can be left blank if the scan options are set up at the node group level. For more information, see Scan Options.

    Scan raw contents of files checkbox

    Option to scan the raw file contents. By default, the scan collects text file contents as an MD5 checksum. If this checkbox is selected, the scan will read the raw contents of the file and enable change detection to be executed on the file contents.

    Note: The contents of binary files and files exceeding 100KB are not retrieved during a scan, regardless of whether this checkbox is selected.

    SSH Port (Optional) field

    The Secure Shell (SSH) port number that the Linux Connection Manager uses to communicate with the target nodes for scanning. If no value is provided, Guardian will default to port 22.

    Note: If you enter a port number that is different to the default (port 22), make sure that it matches the port number that the administrator of the target node is using to run their SSH server.

    Select credential type radio buttons

    The credentials to be used when authenticating Guardian's access to the node. The following options are available:

    • SSH Key – Option to use an SSH key to authenticate Guardian's access to the node. Enter the Username, then copy the displayed command and run it on the node to create the necessary files. For more information, see Key-Based Authentication.

    • Password – Option to use a stored credential. Select an option from the Credentials drop-down list. Additionally, you can select 'Add New Credential' to display the Create Credential dialog if you anticipate using these same credentials for other nodes or integrations. For more information, see Create Credential.

      Note: This option is only available if you have the Credentials feature enabled. If you don't, you'll be prompted to enter a Username and Password for authentication.

    • Microsoft Entra ID – Option to use the Azure CLI service principal credentials that are configured to use SSH. Enter the following information:

      • Username field – The username of the service principal configured to use SSH.

      • Azure CLI service principal password field – The password of the service principal configured to use SSH.

      • Azure CLI service principal tenant field – The tenant ID of the service principal configured to use SSH.

      • Azure CLI login command (Optional) field – The az login command for Azure CLI.

        Note: This option is only available if you have the Microsoft Entra ID feature enabled.

    • Service Account – Option to use the same credentials currently being used by the selected Connection Manager. No further input is needed.

  4. Once you've completed the above options, click Scan Node to add the Linux directory node to your Guardian instance.

Now, Guardian performs an initial scan of the node. You can wait on this page for the scan to finish, at which point you will see a View Scan button. To view the results of this initial scan, click View Scan. However, you can also navigate elsewhere while Guardian performs its initial scan of the node. You can then view the status of the scan on the Job History page (Inventory > Job History). For more information on what to do next after adding a node, see below.

Add a Windows Directory Node

A Windows directory node allows you to scan files and directories and monitor changes on your node(s) over time, enabling File Differencing.

Warning: The following process assumes that you already have a Windows Connection Manager configured within your Guardian instance. For more information, see Windows Connection Manager.

To add a Windows directory node for Agentless scanning, complete the following steps:

  1. In the Guardian web application, navigate to the Add Nodes tab (Inventory > Add Nodes). The Add Nodes page is displayed.

  2. Select the 'Windows Directory' node type and click the Go Agentless button to proceed. The Connect Agentlessly to Windows Directory page is displayed.

  3. Here, complete the following options:

    Option

    Description

    Connection Manager group drop-down list

    The Connection Manager group that is responsible for scanning your Windows directory node. Select a Connection Manager group from the drop-down list.

    Node Name field

    The name of the node. The value you enter here will be used as the display name in Guardian.

    Hostname / IP Address field

    The hostname of your node. Provide the address to connect to for Agentless scanning via the Windows Connection Manager.

    Note: Typically, this is the fully qualified domain name (FQDN). However, it could also be the IP address.

    Directory path field

    The absolute path to the file or folder that you want to be scanned. For example, C:\Windows\System32\**\*.ini.

    Tip: For more information on the different syntax and rules you can use here, see Syntax Rules.

    This can be left blank if the scan options are set up at the node group level. For more information, see Scan Options.

    Scan raw contents of files checkbox

    Option to scan the raw file contents. By default, the scan collects text file contents as an MD5 checksum. If this checkbox is selected, the scan will read the raw contents of the file and enable change detection to be executed on the file contents.

    Note: The contents of binary files and files exceeding 100KB are not retrieved during a scan, regardless of whether this checkbox is selected.

    WinRM Port field

    The port that the Connection Manager will use to reach your Guardian instance. Typically, this is port 5985 for HTTP-based connections or port 5986 for HTTPS/certificate-based connections.

    Credentials drop-down list

    Option to use a stored credential. Select an option from the drop-down list. Additionally, you can select 'Add New Credential' to display the Create Credential dialog if you anticipate using these same credentials for other nodes or integrations. For more information, see Create Credential.

    Note: This option is only displayed if you have the Credentials feature enabled. If you don't, the Username and Password fields are displayed instead, as described below.

    Username and Password field

    The username and password of the account configured to use SSH.

    Note: This option is only displayed if the Credentials feature is not enabled.

    Authentication options checkbox

    Select to enable an encrypted Transport Layer Security (TLS) protocol when authenticating the username and password of the service account. If selected, the authentication process is encrypted during transmission, ensuring that login credentials are protected from being intercepted or compromised by unauthorized parties.

  4. Once you've completed the above options, click Scan Node to add the Windows directory node to your Guardian instance.

Now, Guardian performs an initial scan of the node. You can wait on this page for the scan to finish, at which point you will see a View Scan button. To view the results of this initial scan, click View Scan. However, you can also navigate elsewhere while Guardian performs its initial scan of the node. You can then view the status of the scan on the Job History page (Inventory > Job History). For more information on what to do next after adding a node, see below.
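The 'Scan raw contents of files' option described for both node types changes what a comparison can show. The following is an added example, not Guardian's own code: the function names are hypothetical, Python's `**` glob stands in for the Directory path syntax, a NUL byte is assumed to mark a binary file, and the webappA/webappB trees are constructed sample data.

```python
import difflib
import hashlib
import tempfile
from pathlib import Path

MAX_RAW_BYTES = 100 * 1024  # page: files exceeding 100KB are not retrieved


def scan(root, pattern, raw=False):
    """Return {relative path: record} for files under root matching pattern."""
    result = {}
    for path in (p for p in Path(root).glob(pattern) if p.is_file()):
        data = path.read_bytes()
        record = {"md5": hashlib.md5(data).hexdigest(), "content": None}
        # Assumption: a NUL byte marks a file as binary (contents not kept).
        if raw and len(data) <= MAX_RAW_BYTES and b"\0" not in data:
            record["content"] = data.decode("utf-8", errors="replace")
        result[path.relative_to(root).as_posix()] = record
    return result


def compare(a, b):
    """Diff two scans: changed files, plus line diffs where content was kept."""
    report = {}
    for rel in sorted(set(a) | set(b)):
        if rel not in a or rel not in b:
            report[rel] = "only in " + ("B" if rel not in a else "A")
        elif a[rel]["md5"] != b[rel]["md5"]:
            old, new = a[rel]["content"], b[rel]["content"]
            if old is None or new is None:
                report[rel] = "changed (checksum only)"
            else:
                report[rel] = list(difflib.unified_diff(
                    old.splitlines(), new.splitlines(), "A", "B", lineterm=""))
    return report


def demo():
    """Build two constructed trees and compare them in both scan modes."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, debug in (("webappA", "false"), ("webappB", "true")):
            conf = Path(tmp, name, "conf")
            conf.mkdir(parents=True)
            (conf / "app.conf").write_text("port=8080\ndebug=%s\n" % debug)
        a, b = Path(tmp, "webappA"), Path(tmp, "webappB")
        by_hash = compare(scan(a, "**/*.conf"), scan(b, "**/*.conf"))
        by_raw = compare(scan(a, "**/*.conf", True), scan(b, "**/*.conf", True))
    return by_hash, by_raw
```

With checksums alone the comparison reports only that conf/app.conf differs; with raw contents it shows the changed `debug` line.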

Next Steps

Once you've added nodes to Guardian, there are a few next steps you can take to get the most out of Guardian and the data it collects. Refer to the topics below for more information on where to go from here.

  • Node Scan Results – View and filter the data collected by Guardian every time a node is scanned.

  • Node Groups – Group nodes together based on similar properties like node type, location, and more.

  • Scan Options – Customize what is scanned on a given node during a node scan.

  • Configuration Differencing – View differences between two nodes, a group of nodes, two scans of the same node, and more.

  • Policies – Define expected configuration states and apply them to nodes or node groups.

  • Integrations – Bring together different systems, applications, or components to work as a unified view and perform different tasks.