NetBox Assurance in NetBox Enterprise: Automatically Detect and Fix Operational Drift
Your network infrastructure is constantly evolving, but is your documentation keeping up? When devices are added, configurations change, or infrastructure drifts from its intended state, the gap between reality and documentation creates serious operational risks.
Network documentation drift isn’t just an inconvenience—it’s a compliance, security, and operational risk. Outdated documentation can lead to security vulnerabilities going unnoticed, compliance failures during audits, and extended incident resolution times when your source of truth can’t be trusted.
NetBox Assurance changes this entire dynamic. Instead of hoping your documentation stays current, Assurance automatically detects when your real-world infrastructure diverges from what’s documented in NetBox—what we call “operational drift.”
What NetBox Assurance Actually Does
NetBox Assurance provides automated operational drift detection by continuously comparing ingested network data against your documented intent in NetBox. Here’s how it works:
- Continuous Comparison: Automatically compares data from your network against what’s documented in NetBox
- Smart Categorization: Drift is categorized by type—new devices discovered, infrastructure changes, etc.
- Proactive Detection: Identify and address documentation gaps as part of regular operations, not during incidents
- Historical Tracking: See patterns in how your network changes over time
The workflow is straightforward: NetBox Discovery is a companion service that provides automated network discovery capabilities. Network data flows into NetBox Enterprise through NetBox Discovery agents, controller integrations, or the Diode API. Assurance immediately compares this data against your existing NetBox documentation and flags any discrepancies as deviations that need your attention.
The Business Impact
Before Assurance, keeping network documentation current was manual and error-prone. With Assurance enabled, you get:
- Faster incident resolution (your documentation is trustworthy when you need it)
- Improved compliance posture (auditors see current, accurate network maps)
- Reduced operational overhead (no more manual documentation verification)
- Better change management (immediately see the impact of network changes)
Enabling Assurance in NetBox Enterprise
NetBox Assurance is available as an add-on component for NetBox Enterprise starting with version 1.10. During installation, your license file determines whether Assurance is enabled. Without Assurance, you’ll have access to Diode, which is fully compatible with NetBox Discovery agents but without the reconciliation workflows.
Already have NetBox Enterprise but don’t have Assurance? Contact NetBox Labs to add Assurance to your existing deployment.
Installation Configuration
When setting up NetBox Enterprise, you’ll see a configuration screen with available features:
To enable full drift detection capabilities, make sure both components are selected:
- ✅ Diode (the data ingestion service)
- ✅ NetBox Assurance (the drift detection engine)
Note: If Assurance isn’t licensed, you’ll only see the Diode option, which still provides powerful data ingestion capabilities.
What You’ll See After Installation
Once NetBox Enterprise deploys, Assurance appears directly in your NetBox navigation sidebar:
Assurance is integrated directly into your NetBox instance—no separate tools or complex integrations needed.
Getting Network Data Into NetBox Enterprise
NetBox Assurance works with multiple data sources:
NetBox Discovery Agents (Recommended)
Purpose-built tools that automatically scan your network using SSH, API calls, ping sweeps, and port scanning, then send data directly to NetBox Enterprise.
- Automatically scan your network using SSH, API calls, ping sweeps, and port scanning
- Discover devices, interfaces, and configurations without manual setup
- Send data directly to NetBox Enterprise with proper authentication
- Work immediately with Assurance for instant drift detection
Note: SNMP support is coming soon to provide even broader device compatibility.
Controller Integrations
NetBox Discovery can also integrate directly with network controllers and management platforms:
- VMware vCenter for virtual infrastructure discovery
- Juniper Mist for wireless and campus network data
- Cisco Catalyst Center for enterprise network management
- Other vendor controllers through API-based integrations
Diode API and SDKs
For advanced use cases or custom data sources, you can use the Diode SDKs (available in Python and Go) to build custom integrations. This approach lets you:
- Send data from legacy systems or custom protocols
- Integrate with proprietary network management tools
- Build automated workflows that feed network data to NetBox Enterprise
- Create custom discovery agents for specialized environments
Learn more about Diode in the official documentation and introduction blog post. The Diode project is also available for community use.
Operationalizing Drift Detection
Once network data flows into NetBox Enterprise, Assurance immediately begins detecting operational drift and presenting actionable insights:
Daily Operations Dashboard
The aggregated view reveals operational trends:
- New Infrastructure: Clusters and circuit terminations appearing without documentation
- Recurring Issues: Patterns that indicate process gaps
- Volume Metrics: Understanding your network’s change velocity
This helps teams prioritize remediation efforts and identify systemic documentation gaps.
Processed deviations move to archived status, creating audit trails for compliance and operational history. Teams can:
- Accept & Update: Sync NetBox documentation with discovered reality
- Investigate: Flag items requiring deeper analysis
- Bulk Process: Handle multiple similar deviations efficiently
Building Operational Processes
Successful drift detection requires establishing team workflows around deviation management. Most organizations develop daily/weekly review cycles where network teams process new deviations, update documentation, and identify automation opportunities.
The goal isn’t just finding drift—it’s building sustainable processes that keep your network documentation trustworthy as your infrastructure evolves.
Ready to Get Started?
NetBox Assurance is available as an add-on for NetBox Enterprise. If you already have NetBox Enterprise, contact NetBox Labs about adding Assurance to your deployment.
New to NetBox Enterprise? Learn more about NetBox Enterprise and see how Assurance can transform your network operations alongside other enterprise features.
Important: Even without an Assurance license, NetBox Enterprise includes Diode for powerful data ingestion capabilities. You can send network data to NetBox Enterprise and benefit from automated ingestion workflows—Assurance simply adds the drift detection and management layer on top.
