Excluding an IP from discovery

Todd36 · ‎01-30-2020

Is there a way to exclude a specific IP from being discovered?

Use case: we have seed lists of IPs that are automatically generated that SN imports into range lists and some IPs may never actually be discovered but the attempts raise red flags on the targets. We like to keep specific IPs from being discovered.

I tried to add an IP to the MID as an exclude, see attached, but that's apparently not what it's for as it when through the discovery attempt anyway.

DaveHertel · ‎01-30-2020

Hi - Yes, discovery can be set to exclude IPS from jobs. On the Disco job defintion there is IP range items... and a table for defining exclusion IPs discovery_range_item_exclude I don't think this table is exposed in left nav by default ( but u can add it of course or make a favorite)

its a little awkward... but the process:

1. create schedule

2. create ip range for that schedule (save it)

3. drill into ip range and definition specific IPs to exclude, either singular or a range

EXAMPLE

then drill into ip range, and ADD a Discovery Range item exclusion record. like this... where .10 thru .20 is excluded

which, can be seen in the exclusion table:discovery_range_item_exclude

DOCS: https://docs.servicenow.com/bundle/geneva-it-operations-management/page/product/discovery/task/t_Exc...

Hope this helps?

View solution in original post

DaveHertel · ‎01-30-2020

Hi - Yes, discovery can be set to exclude IPS from jobs. On the Disco job defintion there is IP range items... and a table for defining exclusion IPs discovery_range_item_exclude I don't think this table is exposed in left nav by default ( but u can add it of course or make a favorite)

its a little awkward... but the process:

1. create schedule

2. create ip range for that schedule (save it)

3. drill into ip range and definition specific IPs to exclude, either singular or a range

EXAMPLE

then drill into ip range, and ADD a Discovery Range item exclusion record. like this... where .10 thru .20 is excluded

which, can be seen in the exclusion table:discovery_range_item_exclude

DOCS: https://docs.servicenow.com/bundle/geneva-it-operations-management/page/product/discovery/task/t_Exc...

Hope this helps?

Todd36 · ‎09-23-2020

Hi Dave - it appears you can't do single IPs?

Michael Ritchie · ‎01-30-2020

Its been years since I did this so may not be applicable anymore but... If you click into the Discovery IP Range record, there is a related list that allows you to define the exceptions. See this Helsinki article as an example:

https://docs.servicenow.com/bundle/helsinki-it-operations-management/page/product/discovery/task/t_E...

Again I couldn't find recent version of this same article so may no longer apply or be setup in a different area.

John Krueger · ‎02-04-2020

Thank you for this helpful post! I've had much success with Dave's approach in New York. However I have about an IP Addresses which needs to be excluded where the IP to exclude is NOT within the parent discovery range.

For example I have 6 schedules with different Discovery Ranges but as each schedule executes they send traffic to a Aruba Clearpass server IPAddress which handles various authentication services, but this Aruba IP is on a totally different network segment.

Would Dave's same approach work in this case?