ServiceNow Discovery offers organizations powerful capabilities to fully inventory and manage F5 Big-IP devices, enabling rapid identification of devices, associated vulnerabilities, and mitigating risk exposure crucial given recent incidents of source code and vulnerability leaks.
Why Comprehensive F5 Discovery Is Critical
Attackers recently exfiltrated files containing F5 BIG-IP source code and details on undisclosed vulnerabilities, increasing the urgency for organizations to know exactly which F5 assets are deployed, what software versions they run, and which are at risk. Regulatory bodies like CISA have issued directives mandating organizations to proactively track, patch, and mitigate F5 device exposures.
How ServiceNow Discovery Identifies F5 Devices
-
Discovery Patterns: ServiceNow Discovery pattern can scan for F5-specific devices and can discover the hardware appliances and virtual editions running BIG-IP by protocol-based queries. Refer to load balancer discovery from docs.servicenow.com.
-
Software Information Collection: Discovery captures BIG-IP firmware and software version, module details, and licensing via SNMP, HTTPS/API, or SSH-based commands, integrating with the CMDB for device lifecycle management.
-
Vulnerability Mapping: By centralizing current software versions, configs, and patch states, ServiceNow links discovered F5 devices to relevant vulnerability and advisory databases—including known CVEs listed by F5 and CISA—prioritizing assets that require immediate attention
Key Benefits for Customers
-
Holistic Visibility: Customers gain a unified view of all F5 assets across on-premise and cloud environments, eliminating shadow IT and overlooked devices.
-
Automated Risk Tracking: Persistent monitoring ensures rapid detection as new vulnerabilities are published, automating risk scoring and reporting for all F5 deployments.
-
Compliance and Response: Enables compliance with directives (e.g., CISA ED-26-01) by demonstrating discovery, assessment, and remediation of affected devices.
-
Targeted Mitigation: Prioritizes patching and configuration updates only for exposed or at-risk devices, minimizing disruption while rapidly reducing attack surface.
Best Practices for Using ServiceNow Discovery with F5 BIG-IP
-
Configure credentials for F5 discovery on all network segments.
-
Schedule automated scans and link results to CMDB for asset and lifecycle tracking.
-
Enable integration with vulnerability feeds so software version data triggers alerts about exposures to newly announced threats. The ServiceNow Vulnerability Response solution can automate the CVE match with the affected hardware and software versions.
-
Regularly report device inventory and patch status to compliance stakeholders and security operations teams.
With robust ServiceNow Discovery, customers can stay ahead of attackers, automate asset tracking, and continuously assess risk related to F5 BIG-IP devices
