Discovery AWS issue

H3ll0 Th3r3
Kilo Contributor

Hi Everyone!

I'm trying to figure out how to run discovery on AWS. Right now, I have an EC2 instance with a MID server on it and another EC2 instance that is just a plain windows 2012 server. Both servers are on the same subnet. The MID server appears to be properly linked to my ServiceNow instance.

I've tried to do Quick Discovery using the MID server and both the public & private IPs of the windows 2012 EC2 instance. Every time I try, it completes and Shazzam logs a warning saying "[ip of destination server is here] is not a reachable host (no response to target ports scanned by MID)."

I am not really sure what to do. I just want to set up some screen shots of what discovery can do for presentation purposes. Do I need to run something on the Windows 2012 instance? Do I need to open up certain ports? I tried adding my AWS credentials in the Discovery>Credentials module.

Any advice on what my next steps should be?

Thanks in advance!


1 ACCEPTED SOLUTION

DaveHertel
Kilo Sage

Hi - if you are simply trying to use your Windows MID server (within AWS) to discover other IPs in the AWS subnet, be sure to enable the AWS security groups (SG) to allow IP comm between MID and targets. By default AWS isn't going to allow traffic to flow, even on subnets you've defined in your VPC.

Example: on my AWS lab playground, I defined a Security Group that allows all internal (private IPs) to talk to each other, on any port. Of course you can restrict it more, but for a lab test I've allowed all local private subnets and ports to freely communicate. Note - not PUBLIC IPs... just private subnets defined within the VPC. By allowing all private IPs & ports to communicate, it reduces some of the hassle in a lab setting but of course, in a real-world scenario you'd want to be much more restrictive.

You can see in the screenshot other SG rules too, but for what you've described, a single SG might suffice?

Note: This is NOT Discovering Cloud resources via cloud-based discovery.  Rather, this example is just empowering traditional horizontal based discovery, but within the context aws-cloud-based subnets...

Does this help?

find_real_file.png


5 REPLIES

Alberto Consonn
ServiceNow Employee

Hi,

I would suggest you to watch this video tutorial, it might help you to understand which step you're missing:

AWS Management from ServiceNow

If I have answered your question, please mark my response as correct so that others with the same question in the future can find it quickly and that it gets removed from the Unanswered list.

Thank you

Cheers
Alberto


Hey Dave!


Thanks so much for the help! I will let you know if this works. By cloud based discovery do you mean discovery through cloud management? Sorry, I am still new to all of this. Would you suggest using that instead of using my current approach?


Best,

H3ll0 Th3r3

Hi --

if you are already familiar with basic, traditional discovery (i.e. not in the cloud... but using infrastructure at your company), then I'd suggest starting with trying to use the same approach -- that is use traditional horizontal discovery just like you are used to. The only difference here is setting up AWS security so it doesn't get in your way... i.e. prevent IP communication between MID-targets.

Then, I'd move on to cloud-based discovery. It's a bigger & different beast... so I'd wait on that for a bit (IMHO).


Good luck -- Hope that helps?