How does a discovery engine handle devices that connect intermittently?

Discovery engines maintain historical records of devices they have seen, even when those devices are not currently connected. When a device reconnects, it is matched to its existing record rather than treated as new. Intermittent devices — portable medical equipment, shift-based manufacturing tools — are tracked accurately as long as the monitoring coverage includes the network segments they connect to.

Definition

Discovery Engine

ORDR's technology for automatically identifying and profiling devices using passive traffic analysis, selective active probing, and API integrations with existing infrastructure tools.

What is Discovery Engine?

ORDR's technology for automatically identifying and profiling devices using passive traffic analysis, selective active probing, and API integrations with existing infrastructure tools.

A discovery engine is the technology responsible for finding and identifying devices on a network — the first step in any asset intelligence program. ORDR's discovery engine combines multiple complementary discovery methods to achieve comprehensive coverage across all device types and network environments.

Passive discovery forms the foundation: sensors deployed at network tap points or SPAN ports capture all passing traffic and analyze it to identify devices from their communication patterns, DHCP requests, mDNS broadcasts, and protocol behavior. This method is safe for all device types, including sensitive OT and medical devices that cannot withstand active probing.

Selective active discovery supplements passive observation for managed IT endpoints that can safely handle it — using SNMP, WMI, and other standard management protocols to query additional device attributes. API integrations with existing infrastructure — wireless controllers, DHCP servers, switches, directory services, and third-party security tools — add further data sources. The result is a comprehensive discovery pipeline that maximizes coverage while respecting the constraints of sensitive environments.

Key Facts

ORDR's discovery engine supports passive, selective active, and API-based discovery simultaneously
Multi-method discovery achieves 95%+ coverage in complex environments with mixed IT, IoT, and OT devices
New devices are typically discovered and classified within minutes of first network connection
API integration with wireless controllers and DHCP servers extends discovery without additional sensor hardware

How ORDR Addresses Discovery Engine

ORDR's discovery engine is the foundation of the platform — every risk score, behavioral baseline, vulnerability assessment, and policy recommendation starts with accurate device discovery. The engine continuously discovers new devices as they connect, updates device records as attributes change, and integrates with existing infrastructure to build the most complete picture of the connected asset environment.

See ORDR in action

Frequently Asked Questions

Back to Glossary

See Discovery Engine in practice.

ORDR gives security teams complete visibility into every connected asset—and the intelligence to act on what matters most.

REQUEST A DEMO Explore Resources