Discovery

anjalipriya
Tera Contributor

Which part of Agent Client Collector must be configured to run osquery commands on a CI?

A. ACC Websocket Endpoint
B. Credential-less Discovery
C. Check
D. Infrastructure Patterns
E. Policies

7 REPLIES

Hi @anjalipriya

@Shivalika already shared the document link. Refer to that.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]


Hello @anjalipriya  

I dug some more into this. And below is the analysis and clear difference. So, you can go for "E" Policies. 

Explanation:

  • Policies define what actions should be executed on the target Configuration Item (CI). To run osquery commands on a CI, you must configure a policy that includes the necessary queries and execution rules. Policies control the execution of osquery commands on CIs.

Why the others are incorrect:

  • A. ACC Websocket Endpoint: This is used for communication between the Agent Client Collector and ServiceNow, but it does not define the actions or queries to be executed on the CI.
  • B. Credential-less Discovery: This is a method for discovering CIs without requiring credentials, but it does not involve running specific commands like osquery.
  • C. Check: Checks are specific monitoring tasks or scripts that run on endpoints, but they are part of the policy configuration rather than a standalone configuration for running osquery commands.
  • D. Infrastructure Patterns: These are used for discovering and mapping infrastructure components, but they do not define the execution of specific commands like osquery on CIs.

By configuring policies, you can ensure that the correct osquery commands are executed on the desired CIs. 

Kindly mark my answer as helpful and accept the solution if it helped you in any way. This will help me be recognized for the efforts and also move this question from the unsolved to the solved bucket.

Regards,

Shivalika

My LinkedIn - https://www.linkedin.com/in/shivalika-gupta-540346194

My youtube - https://youtube.com/playlist?list=PLsHuNzTdkE5Cn4PyS7HdV0Vg8JsfdgQlA&si=0WynLcOwNeEISQCY.

 

Shivalika
Mega Sage

Hello @anjalipriya

Please confirm if you checked my answer. Kindly mark my answer as helpful and accept the solution if it helped you in any way. This will help me be recognized for my efforts and also it can move from the unsolved bucket to the solved bucket.

Regards,

Shivalika

 
