{"id":302,"date":"2022-03-01T18:46:04","date_gmt":"2022-03-01T18:46:04","guid":{"rendered":"https:\/\/ouritsource.com\/blog\/?p=302"},"modified":"2025-05-29T22:07:24","modified_gmt":"2025-05-29T22:07:24","slug":"servicenow-discovery","status":"publish","type":"post","link":"https:\/\/ouritsource.com\/blog\/servicenow-discovery\/","title":{"rendered":"ServiceNow Discovery"},"content":{"rendered":"\n

The ServiceNow Discovery application finds computers and other devices connected to an enterprise\u2019s network. When Discovery finds a computer or device, it explores the device\u2019s configuration, provisioning, and current status and updates the CMDB accordingly.<\/p><\/blockquote>\n\n\n\n

On computer systems, Discovery also identifies the software that is running and any TCP connections between computer systems. Discovery creates all the relationships between computer systems (such as an application on one server that uses a database on another server).<\/p><\/blockquote>\n\n\n\n

GAINING CREDENTIALS<\/h3>\n\n\n\n

#1 step in a ServiceNow Discovery implementation is gaining the credentials to run discovery on your network. \u00a0Discovery applications are invasive and powerful, they do scan and obtain information all about your company infrastructure. \u00a0This requires a lot of rights and access.<\/p>\n\n\n\n

There is large ServiceNow Wiki article on this subject:\u00a0Discovery Credentials<\/a>\u00a0I suggest reading that article and being very familiar with it before asking security for credentials. \u00a0Going into those meetings without the proper information and stakeholder backing, will cause \u201cdifficulty\u201d in obtaining the proper rights. \u00a0<\/p>\n\n\n\n

Security expects you know what you are doing in order to turn over that level of access. \u00a0I suggest being prepared for those discussions.<\/p>\n\n\n\n

SETTING UP INITIAL DISCOVERY<\/h3>\n\n\n\n

I do not recommend just \u201cturning on\u201d ServiceNow Discovery when you get the credentials. Plan out what you want to discovery and test small range sets.<\/p>\n\n\n\n

Some Setup Tasks I recommend<\/strong><\/p>\n\n\n\n

  1. Buy Discovery<\/li>
  2. Activate Discovery Plugin<\/li>
  3. Setup Credentials<\/li>
  4. Setup Port Probes<\/li>
  5. Deploy Midservers to access network<\/li>
  6. Setup Discovery Schedule and Range Sets<\/li>
  7. Try small range set for testing<\/li><\/ol>\n\n\n\n

    UNDERSTANDING THE DISCOVERY PROCESS<\/h3>\n\n\n\n
    \"\"<\/figure>\n\n\n\n

    Understanding the discovery lifecycle is important to understanding how it works and what to do if it doesn\u2019t or if you want to change it.<\/p>\n\n\n\n

    Port Scan Phase<\/strong><\/p>\n\n\n\n

    1. Discovery Schedule or Discover Now Runs<\/li>
    2. Shazzam (Port Probes) Run. \u00a0Checks for open ports for configured probes. \u00a0If no ports are open for configured probes, discovery stops.<\/li><\/ol>\n\n\n\n

      Classification Phase<\/strong><\/p>\n\n\n\n

      1. Depending on what ports were open on Port Scan Phase, Probes will run. For example: WMI. \u00a0If Windows WMI port was open, WMI Probe, Windows \u2013 Classify will run<\/li>
      2. Sensor will return results. \u00a0If there are bad credentials for for the Probe, discovery fails for this CI.<\/li>
      3. CI is given a class and classified. \u00a0<\/li><\/ol>\n\n\n\n

        Identification Phase<\/strong><\/p>\n\n\n\n

        1. If CI is Classified, Identify probes runs<\/li>
        2. It is determined to update or insert a new CI<\/li><\/ol>\n\n\n\n

          Exploration Phase<\/strong><\/p>\n\n\n\n

          1. All remaining probes run and sensors return results and update CI, related lists, and relationships.<\/li>
          2. \u00a0A\u00a0business rule<\/em>\u00a0is a server-side script that runs when a record is displayed, inserted, updated, or deleted, or when a table is queried.\u00a0It is event driven.<\/li><\/ol>\n\n\n\n

            Note: <\/strong>Patterns are used in the Identification and Exploration phases of horizontal discovery. <\/p>\n\n\n\n

            VALIDATE RESULTS<\/h3>\n\n\n\n

            Running a CMDB unchecked is not a good idea. \u00a0If you are using ServiceNow Discovery, you should run reports to determine if the CMDB is accurate. \u00a0Are you discovering the anticipated number of CIs? \u00a0Many factors can decide whether you are discovering too much or too little.<\/p>\n\n\n\n

            I suggest setting periodic meetings to check CMDB data for accuracy and eliminate duplicates. \u00a0One idea is to generate a monthly incident to make sure maintenance is completed.<\/p>\n\n\n\n

            Here is an article about how to build duplicate record reports:\u00a0Duplicate Record Scripts<\/a><\/p>\n\n\n\n

            Here are some examples of other reports you can build (Some are included in the base system)<\/p>\n\n\n\n