Discovery
Discovery sources let you import IP targets from external systems (cloud providers, firewalls, CMDBs) without storing external credentials in mipo — your cloud or CMDB credentials never leave your scripts. Create a source, get an API key, then run your own scripts to push IP lists in. Each source can manage multiple lists, each assigned to different scanners. Scan templates can reference discovery lists alongside subnets.
Inputs
| Name | Description | Allowed Values | Default |
|---|---|---|---|
| Name | Unique name for the discovery source (e.g., "panorama-fw", "aws-prod") | 1–100 characters, must be unique | — |
| Description | Optional description of what this source represents | Free text, optional | — |
Fields & Columns
| Name | Description |
|---|---|
| Sources | API key holders. Each source represents an external system that pushes IPs into mipo. |
| Lists | Named IP collections under a source. Each list can be assigned to a scanner or scanner group. |
| API Key | Shown once on creation. Used in X-API-Key header for push API calls. |
| IP Count | Number of IPs currently in a list. Updated automatically on push. |
| Last Push | Timestamp of the most recent IP push to this source or list. |
How To
Create a discovery source
- Navigate to Config > Discovery and click "Add Source".
- Enter a name and optional description
- Copy the API key immediately — it is only shown once
- Use the key in your push scripts
Push IPs via the API
- These calls use the push API (ingest endpoint) with your X-API-Key header, not the user API.
- Create a list: POST /discovery/lists with { "name": "my-list", "scannerName": "scanner-1" }
- Push IPs: POST /discovery/lists/my-list/ips with { "ips": ["10.0.0.1", "10.0.0.2"] }
- IPs are upserted — pushing the same IP updates its last_seen_at timestamp
- Clean up stale IPs: DELETE /discovery/lists/my-list/ips/older-than with { "olderThan": "<ISO 8601 timestamp>" }
Use discovery lists in scan templates
- Edit a scan template
- Expand the "Discovery Lists" section
- Select one or more discovery lists
- Each IP in the selected lists will be scanned with the template's port lists
Gotchas
- API keys are shown once on creation and cannot be retrieved later. If lost, regenerate.
- Lists referenced by scan templates cannot be deleted or fully emptied.
- Maximum 10,000 IPs per push request. Use multiple requests for larger imports.
- Scanner assignment is per-list, not per-IP. All IPs in a list use the same scanner.
- Discovery IPs are individual hosts (/32 or /128), not CIDR ranges.
API Calls (13)
| Method | Path | Description |
|---|---|---|
| GET | /api/config/discovery-sources | List all sources |
| GET | /api/config/discovery-sources/:id | Get a single discovery source |
| POST | /api/config/discovery-sources | Create source (returns API key) |
| PUT | /api/config/discovery-sources/:id | Update a discovery source |
| DELETE | /api/config/discovery-sources/:id | Delete a discovery source |
| POST | /api/config/discovery-sources/:id/regenerate-key | Regenerate API key |
| GET | /api/config/discovery-lists | List all lists (GUI read-only) |
| GET | /api/config/discovery-lists/:id | Get a single discovery list |
| GET | /api/config/discovery-lists/:id/ips | Get IP addresses from a discovery list |
| POST | /discovery/lists | Create list (Ingest API — uses X-API-Key header) |
| POST | /discovery/lists/:name/ips | Push/upsert IPs (Ingest API — uses X-API-Key header) |
| DELETE | /discovery/lists/:name/ips | Delete specific IPs (Ingest API — uses X-API-Key header) |
| DELETE | /discovery/lists/:name/ips/older-than | Delete stale IPs (Ingest API — uses X-API-Key header) |
Related Pages
- Subnets — Discovery lists complement subnets as scan targets
- Scan Templates — Templates reference discovery lists for target selection
- Scanners — Discovery lists are assigned to scanners for execution