Discovery http Probes

ejayopiniano · 3 weeks ago

Hi,

We just got notified by our security team that we had a connection from our mid server to a destination server using port 80. We are informed that we should use port 443 instead.

I would like to ask if is it ideal to Go to Discovery Port Probe and update the record "http". From here, I will remove the http from the triggered by service field and just retain the https.

Thank you

M Iftikhar · 3 weeks ago

Hi @ejayopiniano,

Yes you're doing right but there's a more direct way to prevent the connection on port 80. Modifying the Port Probe might not stop the initial scan itself.

Try this ideal solution:

Disable the Port Scanner for HTTP (Port 80):
- Navigate to Discovery Definition > IP Port Scanners.
- Find and open the record named "http".
- Uncheck the "Active" box and save the record.
- This action tells the Shazzam probe (the first phase of discovery) to stop scanning port 80 entirely, which resolves the security concern at its source.
Verify HTTPS (Port 443) is Active:
- In the same IP Port Scanners list, ensure the record for "https" is active. It usually is by default.

By deactivating the IP Port Scanner for "http", you prevent the MID server from making any connection on port 80 during discovery. This is a cleaner and more effective solution than only changing the classification probe.

Thanks & Regards,
Muhammad Iftikhar
If my response helped, please mark it as the accepted solution so others can benefit as well.

Pratiksha · 3 weeks ago

Yes, you can do that.

If you still have legacy apps running plain HTTP, Discovery might miss identifying them.
You should confirm with your App/Infra teams that all web endpoints are HTTPS-only before removing HTTP.

You can update it here

https://your instance.service-now.com/trigger_probe_m2m.do?sys_id=6772d8b91b311210c28187bad34bcb51&sysparm_record_target=trigger_probe_m2m&sysparm_record_row=2&sysparm_record_rows=2&sysparm_record_list=port_probe%3D980365530a0a070300b473edf16f8ce0