FAQs

What information is collected during Asset Discovery?

Asset Discovery gathers detailed information about devices on your network, including:

• Device type and hardware specifications (e.g., CPU, memory, disk space).
• Network details like IP and MAC addresses.
• Installed software and operating system details.

You can configure what data to collect based on the scope of your scans. Learn more about configuring scans.

How does Asset Discovery collect data?

ADE uses an agentless approach, leveraging protocols like ICMP, ARP, NetBIOS, DNS, LDAP, TCP, SNMP, SSH/Telnet, and WMI to discover and collect data from resources.

• Domain-based discovery uses ARP, DNS, LDAP, and TCP for domain-level scanning.
• IP range discovery employs ICMP, SNMP, SSH, and Telnet to scan devices within specific IP ranges.
• Detailed scans retrieve in-depth information using SNMP, WMI, SSH/Telnet, and other methods.

Which protocols are utilized for domain-based discovery?

Domain-based discovery relies on ARP, DNS, LDAP, WinNT, and TCP to locate resources within specified domains.

What credentials are needed for scanning?

ADE supports three types of credentials:

• Domain credentials - For accessing domain resources (username and password).
• IP Range credentials - Used for SSH/Telnet-based scans (username, password, and optional admin password).
• SNMP Community Strings - Required for SNMP-enabled devices.

Are Domain Administrator credentials required?

No, regular domain user credentials are sufficient for basic discovery. However, more detailed information, like hardware specifications, requires a user with local admin privileges.

How are the credentials stored?

Credentials are securely stored using 128-bit AES encryption in the ChangeGear registry. During use, they are encrypted in memory with the .NET System, Security, Secure String data structure and purged immediately after use.

How does ADE access stored credentials?

During a scan, ADE retrieves credentials from the registry and decrypts them. Depending on the protocol, credentials are applied securely:

• SSH credentials are transmitted over encrypted channels.
• SNMP community strings are transmitted in plain text.

Will ADE affect my network?

ADE is designed to minimize network impact. Factors such as network size, latency, and capacity affect performance. Scheduling scans during off-hours or at remote offices can reduce overhead.

Will ADE trigger my Intrusion Detection System (IDS)?

ADE does not use live exploits or "crafted" packets, making it unlikely to trigger an IDS.

Must I configure SNMP on all my devices?

No, SNMP configuration is optional. However, enabling it allows for better classification of devices (e.g., printers) and collects more detailed information.

Are there network requirements for ADE?

• Windows machines require WMI and DCOM to be running.
• Linux machines need SSH (preferred) or Telnet enabled, with password-based authentication.
• The scanning machine must also have WMI and DCOM running and be joined to a domain.
  ‍

What Luma can automate

In practice, Luma can automate or orchestrate anything an ESM platform can support, provided the fulfillment system(s) exposes the appropriate API, service interface, or MCP server. That includes request fulfillment, approvals, access workflows, onboarding and offboarding, asset and software provisioning, incident triage, knowledge-assisted resolution, service catalog interactions, status tracking, outbound notifications, and cross-functional workflows spanning ITSM, HR, ERP, CRM, and other enterprise systems.

• Run workflows natively in Luma when speed, consistency, or central governance is the priority OR existing workflows do not exist.
• Invoke an existing workflow in another vendor application when an external workflow engine already handles the process or  the system of record such as a ITSM or CRM system has the workflow in its catalog.
• Use Luma as the intelligent front-end either way, handling conversation, triage, data collection, policy checks, status updates, approvals, and outbound communications.

‍

Why common IT examples matter

Password reset and account unlock are useful examples not because they define the limits of Luma, but because they reveal what enterprise service automation really requires. Even these seemingly simple workflows can depend on where identity resides, which controls must be enforced, and how risk is managed.
‍

The same pattern extends far beyond IT. Luma can front-end multi-step workflows across HR, finance, facilities, customer operations, and any domain where an organization needs guided interaction plus controlled execution.

‍

System-of-record agnostic by design

Enterprise deployments are rarely homogeneous. The system of record may be a leading ITSM or ESM platform, a specialized identity product, a SaaS application, a legacy on-premise system, or a custom workflow engine. Luma is designed for this reality. It can execute natively where appropriate, or call existing automations in another application and still own the user experience end to end.

• Integrate through APIs, webhooks, and service interfaces when that is the best enterprise fit.
• Prefer MCP-based integration when available to simplify tool discovery, invocation, and governance
• Preserve the external platform as the system of record while Luma manages conversation, triage, workflow selection, notification, approval interactions, and follow-up communications.
  ‍

Enterprise controls, policy enforcement, and responsible AI

Luma should not be positioned as a lightweight task chain or a happy-path automation utility. Enterprise service automation requires controls. Luma supports policy-aware execution so that automation can enforce required rules before action is taken, not after a mistake has already propagated. That includes conditional approvals, entitlement checks, segregation of duties, environment-specific logic, and audit-ready execution records.

• Protect sensitive information through role-based access controls, data minimization, and masking of personal or corporate data where it should not be exposed.
• Support responsible AI patterns so confidential enterprise content and personal data are not unnecessarily sent to an LLM or retained in logs.
• Provide human-in-the-loop handling for exceptions, approvals, and higher-risk actions where policy or compliance demands oversight.
• Maintain the operational discipline expected in enterprise environments, including traceability, status visibility, exception handling, and controlled escalation paths.

‍

The business value

The result is a more scalable and more trustworthy service experience: users get fast, intelligent assistance; service teams reduce manual effort and ticket volume; and the enterprise retains the policy enforcement, compliance posture, and architectural flexibility required for real-world operations. Luma combines conversational intelligence with governed execution, making it suitable not just for simple automations, but for true enterprise service transformation.