Dennis DeOcampo's Tech Blog Technical Information and Programming Examples

ServiceNow Discovery

March 1, 2022March 1, 2022

The ServiceNow Discovery application finds computers and other devices connected to an enterprise’s network. When Discovery finds a computer or device, it explores the device’s configuration, provisioning, and current status and updates the CMDB accordingly.

On computer systems, Discovery also identifies the software that is running and any TCP connections between computer systems. Discovery creates all the relationships between computer systems (such as an application on one server that uses a database on another server).

GAINING CREDENTIALS

#1 step in a ServiceNow Discovery implementation is gaining the credentials to run discovery on your network.  Discovery applications are invasive and powerful, they do scan and obtain information all about your company infrastructure.  This requires a lot of rights and access.

There is large ServiceNow Wiki article on this subject: Discovery Credentials I suggest reading that article and being very familiar with it before asking security for credentials.  Going into those meetings without the proper information and stakeholder backing, will cause “difficulty” in obtaining the proper rights.  

Security expects you know what you are doing in order to turn over that level of access.  I suggest being prepared for those discussions.

SETTING UP INITIAL DISCOVERY

I do not recommend just “turning on” ServiceNow Discovery when you get the credentials. Plan out what you want to discovery and test small range sets.

Some Setup Tasks I recommend

  1. Buy Discovery
  2. Activate Discovery Plugin
  3. Setup Credentials
  4. Setup Port Probes
  5. Deploy Midservers to access network
  6. Setup Discovery Schedule and Range Sets
  7. Try small range set for testing

UNDERSTANDING THE DISCOVERY PROCESS

Understanding the discovery lifecycle is important to understanding how it works and what to do if it doesn’t or if you want to change it.

Port Scan Phase

  1. Discovery Schedule or Discover Now Runs
  2. Shazzam (Port Probes) Run.  Checks for open ports for configured probes.  If no ports are open for configured probes, discovery stops.

Classification Phase

  1. Depending on what ports were open on Port Scan Phase, Probes will run. For example: WMI.  If Windows WMI port was open, WMI Probe, Windows – Classify will run
  2. Sensor will return results.  If there are bad credentials for for the Probe, discovery fails for this CI.
  3. CI is given a class and classified.  

Identification Phase

  1. If CI is Classified, Identify probes runs
  2. It is determined to update or insert a new CI

Exploration Phase

  1. All remaining probes run and sensors return results and update CI, related lists, and relationships.
  2.  A business rule is a server-side script that runs when a record is displayed, inserted, updated, or deleted, or when a table is queried. It is event driven.

Note: Patterns are used in the Identification and Exploration phases of horizontal discovery.

VALIDATE RESULTS

Running a CMDB unchecked is not a good idea.  If you are using ServiceNow Discovery, you should run reports to determine if the CMDB is accurate.  Are you discovering the anticipated number of CIs?  Many factors can decide whether you are discovering too much or too little.

I suggest setting periodic meetings to check CMDB data for accuracy and eliminate duplicates.  One idea is to generate a monthly incident to make sure maintenance is completed.

Here is an article about how to build duplicate record reports: Duplicate Record Scripts

Here are some examples of other reports you can build (Some are included in the base system)

  • Blank IP
  • CIs Not Discovered
  • Duplicate CI by IP Address
  • Duplicate CI by Serial Number
  • Not Classified
  • Not Responding
  • Connection Errors

Tags IT Operations Management

Patterns are used in the Identification and Exploration phases of horizontal discovery.