MID Server as threat by IPS or IDS

Go to solution
lopchris27
Tera Contributor

‎02-19-2024 06:52 PM

Good day my fellow ServiceNow Enthusiasts!

 

May I just seek some advice regarding the below concern of one of our clients.

 

We just recently implemented ServiceNow Discovery and has installed MID Servers as part of it.

Our client has raised a concern regarding a scenario that they said might happen in their environment. The scenario is what if the MID Server has been tagged as threat by their IDS or IPS (Intrusion Detection/Prevention System) due to multiple attempts accessing lots of devices that they are discovering. Will there be a way for the MID Server not to be tagged as such.

May I know someone here have some documentations that they can share in relation to this scenario.

 

Thanks to All and Have a nice day!

0 Helpfuls
  • 683 Views
1 ACCEPTED SOLUTION

Go to solution
Amit Gujarathi
Giga Sage
Giga Sage
In response to lopchris27

‎02-19-2024 08:11 PM

You can look for MID Server set up and best practices docs on NOW CREATE
https://signon.service-now.com/x_snc_sso_auth.do?pageId=username


Was this answer helpful?


Please consider marking it correct or helpful.


Your feedback helps us improve!


Thank you!


Regards,


Amit Gujrathi



View solution in original post

0 Helpfuls
3 REPLIES 3

Go to solution
Amit Gujarathi
Giga Sage
Giga Sage

‎02-19-2024 07:59 PM

HI @lopchris27 ,
I trust you are doing great.

To address concerns about MID Servers triggering IDS/IPS alerts:

  1. Whitelist MID Server IPs: Ensure the MID Server IPs are whitelisted in the IDS/IPS system to prevent false positives.

  2. Optimize Discovery Settings: Adjust discovery schedules and configurations to reduce the frequency and intensity of discovery activities.

  3. Configure MID Servers: Properly configure MID Servers with sufficient resources and segregate discovery traffic if possible.


Was this answer helpful?


Please consider marking it correct or helpful.


Your feedback helps us improve!


Thank you!


Regards,


Amit Gujrathi



Go to solution
lopchris27
Tera Contributor
In response to Amit Gujarathi

‎02-19-2024 08:04 PM

Hello @Amit Gujarathi,

 

Thank you for your quick response and for the suggestion. Do you have links to ServiceNow document pertaining to this which I can share with our client? Thanks again.

0 Helpfuls

Go to solution
Amit Gujarathi
Giga Sage
Giga Sage
In response to lopchris27

‎02-19-2024 08:11 PM

You can look for MID Server set up and best practices docs on NOW CREATE
https://signon.service-now.com/x_snc_sso_auth.do?pageId=username


Was this answer helpful?


Please consider marking it correct or helpful.


Your feedback helps us improve!


Thank you!


Regards,


Amit Gujrathi



0 Helpfuls