Discovery using SNMP and SSH at the same time

Rakesh16i
Kilo Expert

‎05-09-2019 01:53 AM

We are trying to discover Firewalls using SSH credentials and create them Firewall CIs. once they are successfully discovered, we would like to use SNMP credentils to do some SNMP walk during exploration phase.

Is it possible to use both type of credentials alternatively?

Regards,
Rakesh

Labels:
0 Helpfuls
  • 2,207 Views
5 REPLIES 5

Shashikant Yada
Tera Guru

‎05-09-2019 02:30 AM

Hope this works:

Credential order

When Orchestration attempts to run a command on an SSH server (such as a Linux or UNIX machine), or when Discovery attempts to query an SNMP device (such as a printer, router, or UPS), the application tries the credentials in the Credentials [discovery_credential] table randomly, until it finds one that works.

Credentials can be assigned an order value in the Credentials Form, which forces Discovery and Orchestration to try all the credentials at their disposal in a certain sequence. Ordering credentials is useful in the following situations:
  • The credentials table contains many credentials, with some used more frequently than others. For example, if the table contains 150 SSH credentials, and 5 of those are used to log into 90% of the devices, it is good practice to configure those five with low order numbers, which places them at the top of the execution list. Discovery and Orchestration will work faster if they try these common credentials first. After the first successful connection, the system knows which credentials to use the next time for each device.
  • The system has aggressive login security. For example, if the Solaris database servers in the network only allow three failed login attempts before they lock out the MID Server, configure the database credentials with a low order value.

https://docs.servicenow.com/bundle/geneva-it-operations-management/page/product/discovery/reference/...

0 Helpfuls

Rakesh16i
Kilo Expert
In response to Shashikant Yada

‎05-09-2019 05:28 AM

Not actually. I am not referring to the usage of matching credential.

Using multiple credentials for one device. Like SNMP credential to execute SNMP pronnes and SSH credentials to execute SSH probes (during same device discovery).

0 Helpfuls

tim_broberg
ServiceNow Employee
ServiceNow Employee

‎05-09-2019 08:48 AM

You would need a classifier for your class that can figure out which devices are members of this new class.

That classifier has a "Triggers Probes" list of stuff that runs once a device is classified, and you can freely mix probe types there. Each probe will figure out for itself which credentials to use.
    - Tim.

Jay118
Tera Contributor
In response to tim_broberg

‎11-30-2022 02:01 PM

I have the same question. In my case, I'm trying to discover virtual firewalls. SNMP works to get most fields, but I need SSH to get serial number. The shazzam probe is reporting that that both SNMP and SSH ports are "open", but only the SNMP - Classification gets launched and not the SSH - Classification. Is it because only one can be done at a time? Maybe a setting changed at my company? I used to see in the ECC queue multiple protocol classifications getting launched in one discovery.

0 Helpfuls