Global IP exclusion does not seem to work for ESX Servers
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-19-2025 12:47 PM
We are getting notification from IT Security team that have detected failed authentication attempts from MID server. We are running VCenter Discovery to get all the VMWare components. We have added the ESX Server IP addresses to the "Global IP Exclusion" and also the specific schedule that runs the subnets where the ESX servers are located, BUT that has not seemed to stop these failed SSH login attempts.n Has anyone seen this?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-21-2025 12:02 AM
Hi @jimmillet , you have added the ESXI servers IP in the Global Exclusion list --> This doesn't work because discovery identifies the ESXI servers not form the traditional horizontal discovery. But rather from the VCenter discovery itself via few Probes and Sensors. So the mid trying to get the data from ESXI servers will still be happening.
A line form product documentation --> "Discovery identifies and classifies information about ESXi servers and ESXi resource pools through the discovery of vCenter and not from the direct discovery of any ESXi servers.".
So you might have to implements some custom solution like blocking any requests for all the ESXI servers from the network level but not rather from SN.
More info can be found at https://www.servicenow.com/docs/bundle/xanadu-it-operations-management/page/product/discovery/refere...
