Certificate Management - Additional Ports

Scotty88 · ‎01-10-2023

Is it possible to scan additional ports besides the default ports that are OOTB for Discovery?

We are about to implement Certificate Management and need to also scan the below ports but not sure what the best practice is for doing this? These ports will need to be scanned over our exisiting Discovery schedules.

DaveHertel · ‎01-11-2023

Hi - yes, absolutely you can add additional ports to be scanned, beyond just OOB config'd ports, for Discovery. Certificate management is one of those use cases that require additional port/scans to be enabled.

Docs on Port info for Discovery here

Its also possible to create what SN deemed "services" as part of the port probe (do NOT confuse this with Services in the CSDM... it has nothing to do with that...)

More about Shazzam port probes here:

https://docs.servicenow.com/bundle/sandiego-it-operations-management/page/product/discovery/referenc...

Hope this helps a bit?

Scotty88 · ‎01-11-2023

Thanks, however how exactly do you configure this? Do I just create a new IP service for each port?

DaveHertel · ‎01-11-2023

I believe so, yes the IP service has the definition of the port #. So the port probe, references the IP Service(s) that should be probed. Each service record in turn has a unique port.. When the port probe runs, it'll look at all the port numbers, including ones you've added.

Same concept as if your company used custom port #'s for some protocol. Example: SSH is default port 22, but if a company decided to use port 22222 then you'd tweak the number to be looked-for via this technique, either replacing 22, or more likely adding a new SSH service to look for 22222

Does this help?