Netify Device Discovery Plugin
Netify device discovery utility identifies all devices communicating within the local network in near real-time and on a continual basis. This lets administrators keep tabs on anything from static, mainstay devices like desktops, printers and routers, to more transient devices, like smartphones and tablets, that regularly come and go from the network.
The plugin is responsible for collecting metadata from the host where the agent is installed and securely sending it up to the Netify cloud for analysis. All classification is done in the cloud and the plugin receives the results of the classification from the machine learning models.
License
The Netify Device Discovery plugin is a proprietary plugin requiring a license. Please contact us for details.
Installation
Netify plugins are distributed through the same packaging workflow as the Netify Agent, allowing for a consistent installation experience using standard package manager syntax. While pre-compiled binaries are readily available for x86_64 architectures via our public mirrors, support for ARM, MIPS, and other specialized architectures is available upon request. Please contact us for details.
Step 1 - Select your installation target:
Step 2 - Add Netify's package signing key and repository:
sudo apt-get update
sudo apt-get -y install curl gnupg2
sudo curl https://download.netify.ai/5/debian/netify-archive-keyring.gpg -o /usr/share/keyrings/netify-archive-keyring.gpg
echo 'deb [signed-by=/usr/share/keyrings/netify-archive-keyring.gpg] http://download.netify.ai/5/debian/12/ /' | sudo tee /etc/apt/sources.list.d/netify.listStep 3 - Install Netify Device Discovery:
sudo apt update
sudo apt install netify-proc-dev-discoveryStep 2 - Add Netify's package signing key and repository:
sudo apt-get update
sudo apt-get -y install curl gnupg2
sudo curl https://download.netify.ai/5/debian/netify-archive-keyring.gpg -o /usr/share/keyrings/netify-archive-keyring.gpg
echo 'deb [signed-by=/usr/share/keyrings/netify-archive-keyring.gpg] http://download.netify.ai/5/debian/11/ /' | sudo tee /etc/apt/sources.list.d/netify.listStep 3 - Install Netify Device Discovery:
sudo apt update
sudo apt install netify-proc-dev-discoveryStep 2 - Add Netify's package signing key and repository:
sudo apt-get update
sudo apt-get -y install curl gnupg2
sudo curl https://download.netify.ai/5/debian/netify-archive-keyring.gpg -o /usr/share/keyrings/netify-archive-keyring.gpg
echo 'deb [signed-by=/usr/share/keyrings/netify-archive-keyring.gpg] http://download.netify.ai/5/debian/10/ /' | sudo tee /etc/apt/sources.list.d/netify.listStep 3 - Install Netify Device Discovery:
sudo apt update
sudo apt install netify-proc-dev-discoveryStep 2 - Add Netify's package signing key and repository:
sudo apt-get update
sudo apt-get -y install curl gnupg2
sudo curl https://download.netify.ai/5/ubuntu/netify-archive-keyring.gpg -o /usr/share/keyrings/netify-archive-keyring.gpg
echo 'deb [signed-by=/usr/share/keyrings/netify-archive-keyring.gpg] http://download.netify.ai/5/ubuntu/noble/ /' | sudo tee /etc/apt/sources.list.d/netify.listStep 3 - Install Netify Device Discovery:
sudo apt update
sudo apt install netify-proc-dev-discoveryStep 2 - Add Netify's package signing key and repository:
sudo apt-get update
sudo apt-get -y install curl gnupg2
sudo curl https://download.netify.ai/5/ubuntu/netify-archive-keyring.gpg -o /usr/share/keyrings/netify-archive-keyring.gpg
echo 'deb [signed-by=/usr/share/keyrings/netify-archive-keyring.gpg] http://download.netify.ai/5/ubuntu/jammy/ /' | sudo tee /etc/apt/sources.list.d/netify.listStep 3 - Install Netify Device Discovery:
sudo apt update
sudo apt install netify-proc-dev-discoveryStep 2 - Add Netify's package signing key and repository:
sudo apt-get update
sudo apt-get -y install curl gnupg2
curl -fsSL https://download.netify.ai/5/ubuntu/apt-gpg-key-netify.asc | sudo apt-key add -
echo 'deb http://download.netify.ai/5/ubuntu/focal/ /' | sudo tee /etc/apt/sources.list.d/netify.listStep 3 - Install Netify Device Discovery:
sudo apt update
sudo apt install netify-proc-dev-discoveryStep 2 - Add Netify's package signing key and repository:
wget https://download.netify.ai/5/openwrt/key-build.pub -O /etc/opkg/keys/b18c240cb821dad2
echo 'src/gz netify https://download.netify.ai/5/openwrt/24.10/x86' >> /etc/opkg/customfeeds.confStep 3 - Install Netify Device Discovery:
opkg update
opkg install netify-proc-dev-discoveryStep 2 - Add Netify's package signing key and repository:
wget https://download.netify.ai/5/openwrt/key-build.pub -O /etc/opkg/keys/b18c240cb821dad2
echo 'src/gz netify https://download.netify.ai/5/openwrt/23.05/x86' >> /etc/opkg/customfeeds.confStep 3 - Install Netify Device Discovery:
opkg update
opkg install netify-proc-dev-discoveryStep 2 - Add Netify's package signing key and repository:
wget https://download.netify.ai/5/openwrt/key-build.pub -O /etc/opkg/keys/b18c240cb821dad2
echo 'src/gz netify https://download.netify.ai/5/openwrt/22.03/x86' >> /etc/opkg/customfeeds.confStep 3 - Install Netify Device Discovery:
opkg update
opkg install netify-proc-dev-discoveryStep 2 - Add Netify's package signing key and repository:
wget https://download.netify.ai/5/openwrt/key-build.pub -O /etc/opkg/keys/b18c240cb821dad2
echo 'src/gz netify https://download.netify.ai/5/openwrt/21.02/x86' >> /etc/opkg/customfeeds.confStep 3 - Install Netify Device Discovery:
opkg update
opkg install netify-proc-dev-discoveryStep 2 - Add Netify's package signing key and repository:
wget http://download.netify.ai/5/openwrt/key-build.pub -O /etc/opkg/keys/b18c240cb821dad2
echo 'src/gz netify http://download.netify.ai/5/openwrt/19.07/x86' >> /etc/opkg/customfeeds.confStep 3 - Install Netify Device Discovery:
opkg update
opkg install netify-proc-dev-discoveryStep 2 - Add Netify's package signing key and repository:
sudo rpm --import https://download.netify.ai/5/opensuse/15.6/stable/RPM-GPG-KEY-netify
sudo curl https://download.netify.ai/5/opensuse/netify.repo -o /etc/zypp/repos.d/repo-netify.repoStep 3 - Install Netify Device Discovery:
sudo zypper update
sudo zypper install netify-proc-dev-discoveryStep 2 - Add Netify's package signing key and repository:
sudo rpm --import https://download.netify.ai/5/opensuse/15.5/stable/RPM-GPG-KEY-netify
sudo curl https://download.netify.ai/5/opensuse/netify.repo -o /etc/zypp/repos.d/repo-netify.repoStep 3 - Install Netify Device Discovery:
sudo zypper update
sudo zypper install netify-proc-dev-discoveryStep 2 - Add Netify's package signing key and repository:
sudo rpm --import https://download.netify.ai/5/almalinux/9/stable/RPM-GPG-KEY-netify
sudo curl https://download.netify.ai/5/almalinux/9/netify.repo -o /etc/yum.repos.d/netify.repoStep 3 - Install Netify Device Discovery:
sudo yum update
sudo yum install netify-proc-dev-discoveryStep 2 - Add Netify's package signing key and repository:
sudo rpm --import https://download.netify.ai/5/almalinux/8/stable/RPM-GPG-KEY-netify
sudo curl https://download.netify.ai/5/almalinux/8/netify.repo -o /etc/yum.repos.d/netify.repoStep 3 - Install Netify Device Discovery:
sudo yum update
sudo yum install netify-proc-dev-discoveryStep 2 - Add Netify's package signing key and repository:
sudo rpm --import http://download.netify.ai/5/rockylinux/9/stable/RPM-GPG-KEY-netify
sudo curl https://download.netify.ai/5/rockylinux/9/netify.repo -o /etc/yum.repos.d/netify.repoStep 3 - Install Netify Device Discovery:
sudo yum update
sudo yum install netify-proc-dev-discoveryStep 2 - Add Netify's package signing key and repository:
sudo rpm --import http://download.netify.ai/5/rockylinux/8/stable/RPM-GPG-KEY-netify
sudo curl https://download.netify.ai/5/rockylinux/8/netify.repo -o /etc/yum.repos.d/netify.repoStep 3 - Install Netify Device Discovery:
sudo yum update
sudo yum install netify-proc-dev-discoveryStep 2 - Add Netify's package signing key and repository:
mkdir -p /usr/local/etc/pkg/fingerprints/Netify/trusted
curl https://download.netify.ai/5/opnsense/fingerprint -o /usr/local/etc/pkg/fingerprints/Netify/trusted/fingerprint
cat << EOF > /usr/local/etc/pkg/repos/Netify.conf
Netify: {
fingerprints: "/usr/local/etc/pkg/fingerprints/Netify",
url: "https://download.netify.ai/5/opnsense/25.7",
signature_type: "fingerprints",
mirror_type: "http",
priority: 11,
enabled: yes
}
EOFStep 3 - Install Netify Device Discovery:
pkg update
pkg install netify-proc-dev-discoveryStep 2 - Add Netify's package signing key and repository:
mkdir -p /usr/local/etc/pkg/fingerprints/Netify/trusted
curl https://download.netify.ai/5/opnsense/fingerprint -o /usr/local/etc/pkg/fingerprints/Netify/trusted/fingerprint
cat << EOF > /usr/local/etc/pkg/repos/Netify.conf
Netify: {
fingerprints: "/usr/local/etc/pkg/fingerprints/Netify",
url: "https://download.netify.ai/5/opnsense/24.7",
signature_type: "fingerprints",
mirror_type: "http",
priority: 11,
enabled: yes
}
EOFStep 3 - Install Netify Device Discovery:
pkg update
pkg install netify-proc-dev-discoveryStep 2 - Add Netify's package signing key and repository:
mkdir -p /usr/local/etc/pkg/fingerprints/Netify/trusted
curl https://download.netify.ai/5/freebsd/fingerprint -o /usr/local/etc/pkg/fingerprints/Netify/trusted/fingerprint
cat << EOF > /usr/local/etc/pkg/repos/Netify.conf
Netify: {
fingerprints: "/usr/local/etc/pkg/fingerprints/Netify",
url: "https://download.netify.ai/5/freebsd/15.0",
signature_type: "fingerprints",
mirror_type: "http",
priority: 11,
enabled: yes
}
EOFStep 3 - Install Netify Device Discovery:
pkg update
pkg install netify-proc-dev-discoveryStep 2 - Add Netify's package signing key and repository:
mkdir -p /usr/local/etc/pkg/fingerprints/Netify/trusted
curl https://download.netify.ai/5/freebsd/fingerprint -o /usr/local/etc/pkg/fingerprints/Netify/trusted/fingerprint
cat << EOF > /usr/local/etc/pkg/repos/Netify.conf
Netify: {
fingerprints: "/usr/local/etc/pkg/fingerprints/Netify",
url: "https://download.netify.ai/5/freebsd/14.0",
signature_type: "fingerprints",
mirror_type: "http",
priority: 11,
enabled: yes
}
EOFStep 3 - Install Netify Device Discovery:
pkg update
pkg install netify-proc-dev-discoveryStep 2 - Add Netify's package signing key and repository:
mkdir -p /usr/local/etc/pkg/fingerprints/Netify/trusted
curl https://download.netify.ai/5/freebsd/fingerprint -o /usr/local/etc/pkg/fingerprints/Netify/trusted/fingerprint
cat << EOF > /usr/local/etc/pkg/repos/Netify.conf
Netify: {
fingerprints: "/usr/local/etc/pkg/fingerprints/Netify",
url: "https://download.netify.ai/5/freebsd/14.0",
signature_type: "fingerprints",
mirror_type: "http",
priority: 11,
enabled: yes
}
EOFStep 3 - Install Netify Device Discovery:
pkg update
pkg install netify-proc-dev-discoverySetup
To use the Netify Device Discovery plugin, ensure your license.json includes the netify-proc-dev-discovery entitlement.
All plugins are disabled by default, and the Netify Device Discovery plugin is no different. Use netifyd's --enable-plugin and --disable-plugin flags to enable or disable the plugin.
netifyd --enable-plugin proc-dev-discovery # Enables loader
netifyd --disable-plugin proc-dev-discovery # Disables loaderFor orchestration tools or manual setup, you can also directly update configuration file in the plugins.d subdirectory and set enable to yes.
See the advanced configuration section for details on instantiating multiple instances of the plugin.
$ cat 10-netify-proc-dev-discovery.conf
[proc-dev-discovery]
enable = yes
plugin_library = /usr/lib64/libnetify-proc-dev-discovery.so.0.0.0
conf_filename = ${path_state_persistent}/netify-proc-dev-discovery.jsonAI Integration
For AI integration and machine learning models, the Netify Device Discovery Configuration JSON schema is available for reference.
Main Configuration
The plugin is configured via the JSON file referenced by its loader (typically /etc/netifyd/netify-proc-dev-discovery.json ).
format
string
compressor
string
Default compression policy used for all outputs unless overridden in sinks.
max_confidence
integer
Confidence threshold (0-100) required before discovery stops for a device.
max_devices
integer
Maximum number of devices to track in memory. 0 for unlimited.
max_device_age
integer
Maximum idle time (seconds) before a device is purged from memory.
max_ja4_clients
integer
Maximum number of extracted JA4 client hashes to collect on any given MAC address.
max_mdns_services
integer
Maximum number of extracted mDNS service strings to collect on any given MAC address.
max_http_user_agents
integer
Maximum number of extracted HTTP user agent strings to collect on any given MAC address.
max_ssdp_user_agents
integer
Maximum number of extracted SSDP user agent strings to collect on any given MAC address.
path_device_cache
string
Filesystem path for persistent device cache.
process_all_macs
boolean
If false, only local/unicast MAC addresses are processed.
device_mac_ignore
array
List of MAC addresses to exclude from discovery.
netify_api
object
Netify API object definition.
sinks
object
Sink configuration.
Example: netify-proc-dev-discovery.json
{
"compressor": "gz",
"format": "json",
"max_confidence": 80,
"max_devices": 1500,
"max_device_age": 4147200,
"path_device_cache": "${path_state_persistent}/device-discovery-cache.json",
"device_mac_ignore": [
"00:00:00:00:00:00",
"ff:ff:ff:ff:ff:ff"
],
"max_ja4_clients": {
"max": 10,
"update_min": 1,
"update_ttl": 3600
},
"max_mdns_services": 10,
"max_http_user_agents": 10,
"max_ssdp_user_agents": 10,
"netify_api": {
"enable": true
},
"sinks": {
"sink-log": {
"devices": {
"enable": true,
"flush": true,
"format": "json",
"compressor": "none"
}
}
}
}Sink Configuration
We need to send our telemetry to a configured output using a Sink Plugin: log, socket, message queue, etc. This sink configuration is highly flexible, but it can also be easy to misconfigure if the relationships between components are not clear. Let's get started.
Sink Tag - First Level Key
The Device Discovery Processor's sinks object determines which sinks (outputs) receive the telemetry data and how the data should be sent to each one. A single processor can send data to multiple sinks, but in this example it is configured to send to only one.
The sink tag is the first-level key under the sinks property. This key must match the section name defined by the corresponding plugin loader. In our example, the sink tag is sink-log , which must exactly match the loader section name sink-log as shown below:
Sinks Configuration - Overview
"sinks": {
"sink-log": {
"devices": {
"enable": true,
... other properties ...
}
}
}$ cat /etc/netifyd/plugins.d/10-netify-sink-log.conf
[sink-log]
enable = yes
plugin_library = /usr/lib64/libnetify-sink-log.so.0.0.0
conf_filename = ${path_state_persistent}/netify-sink-log.jsonHere we can see that the section name [sink-log] matches the sink tag used in the Device Discovery configuration. The presence of this configuration file indicates that the plugin has been installed, and the enable = yes setting confirms that it is currently enabled. The loader configuration also specifies the sink's runtime configuration file through the conf_filename property.
This mapping is critical: if the names do not match, the processor will not be able to deliver data to the sink.
The Channel - Second Level Key
The second-level key in JSON configuration is the channel. Sink output channels provide a way to separate different types of telemetry into different output targets. For example, you can send:
- aggregator data to /tmp/netify-aggregate-x
- interface statistics to /tmp/netify-interface-stats-x
- intelligence detections to /tmp/netify-intelligence-x
This channel must be configured in the target sink configuration as shown.
Refer to the relevant Sink Plugin configuration for channel configuration details.
Sink Log Config: /etc/netifyd/netify-sink-log.json
{
"overwrite": false,
"log_path": "/tmp",
"channels": {
"devices": {
"overwrite": true,
"log_path": "/tmp",
"log_name": "netify-devices-"
}
}
}Channel Properties
enable
boolean
Enables or disables this specific sink channel.
compressor
string
The compression algorithm applied to the payload.
flush
boolean
The flush policy.
Example Sinks Configuration
{
...
"sinks": {
"sink-log": {
"devices": {
"enable": true,
"flush": true,
"format": "json",
"compressor": "none"
}
}
}
}Policies
MAC Collection Policy
The device discovery system will only register a new device if the MAC is local to the network and at least one flow of the following protocols has been identified for the MAC:
If true, the Device Discovery plugin will immediately create an event and a record for any new MAC address processed by the Netify agent during flow analysis. For integrators who wish to generate an accurate inventory of devices (existing and new) that join the network, setting this option to true is the recommended configuration.
Fingerprint and Agent Policies
The four properties listed here:
- max_ja4_clients
- max_mdns_services
- max_http_user_agents
- max_sddp_user_agents
can be configured using an integer value. If a new, previously unseen value is discovered, it will be added to the table. If the maximum number of entries has been exceeded, the oldest entry will be popped off the list to accommodate the new value. A higher value will translate into fewer events being triggered, especially for often recurring values like JA4 client hashes.
For more fine-grained control, define an object in place of the integer. The object is defined with any or all of the following attributes (on a per-device basis):
- max - same as defined above
- update_min - will have the effect of 'squelching' any new events that occur more frequently than this minimum setting (in seconds)
- update_ttl - will update on a set frequency (in seconds), regardless of any activity discovered