Can Service Mapping create connection to database when connection strings are encrypted?

jimmillet · ‎07-19-2022

Doing Top-Down pattern based Service Mapping and came across web.config file that has connectionStrings encrypted. Is there a way that ServiceNow pattern can decode these strings to make the connection? Right now our map stops at the IIS web server layer, so not too interesting. Hoping people have come across this issue before. Thanks.

SiD2 · ‎07-20-2022

Hi @jimmillet,

I guess no. Pattern just tries to parse and understand the info and tries to make logical connections but if it is encrypted it's not possible.

Please mark Helpful / Accept Solution so that it helps others with similar questions.

jimmillet · ‎07-21-2022

Yesterday I crawled through the "ADO .NET" Connection section in "IIS Virtual Directory" pattern and I do see some steps that deal with encrypted configuration file. I see a step named "upload decryption exe" that uses "Put File" operation to put a file named "ConnectionStringBrowser" on the target server, and then there is "decrypt configs" steps. So it seems to have support for encrypted config files, but does not seem to be working for me. I'll keep digging deeper.

Praveen Gaddam · ‎08-29-2024

Is there any findings on this topic

richardbrounste · ‎07-21-2022

It isn't a good idea to try and decrypt the connection information from the configuration files. That defeats the purpose of having the files encrypted in the first place.

It is better to make a connection based on the netstat data. Database connections are usually persistent so there would be an ESTABLISHED connection on the server from the process running the application server to the database.

Have the pattern run the command:

Windows: netstat -aon

Linux: sudo netstat -ltnup

And look for the ESTABLISHED connections from your process and use that data to make the connection.