How do I create a custom probe and sensor for Kronos time clocks in Kingston?

cynlink1
Tera Expert

I have been asked to discover Kronos time clock devices. ServiceNow does not provide probes and sensors for these devices out of the box. After upgrading to Kingston, I started using credential-less discovery to create the CI. However, I need to capture much more information than just the IP address.

I have no experience creating custom probes and sensors to correctly capture and classify the CI's data. I was hoping to find someone who has successfully completed this task to lend me some guidance.

Thank you in advance!

---------------------------------------------

c:\Program Files (x86)\Nmap> nmap 10.XX.XX.226 -F
Starting Nmap 7.70 ( https://nmap.org ) at 2018-08-02 15:43 Eastern Daylight Time
Nmap scan report for XX.XX.XX.226
Host is up (0.10s latency).
Not shown: 95 closed ports
PORT STATE SERVICE
21/tcp open ftp
23/tcp open telnet
80/tcp open http
443/tcp open https
5432/tcp open postgresql

Nmap done: 1 IP address (1 host up) scanned in 5.09 seconds

c:\Program Files (x86)\Nmap> nmap XX.XX.XX.226 -F -sV -O
Starting Nmap 7.70 ( https://nmap.org ) at 2018-08-02 15:48 Eastern Daylight Time
Nmap scan report for XX.XX.XX.226
Host is up (0.065s latency).
Not shown: 95 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp Tornado vxWorks ftpd 5.5.1
23/tcp open telnet VxWorks telnetd
80/tcp open http Allegro RomPager 4.52
443/tcp open ssl/https?
5432/tcp open tcpwrapped
Aggressive OS guesses: Apple Mac OS X 10.4.8 - 10.4.11 (Tiger) (Darwin 8.8.0 - 8.11.0) (91%), Apple Mac OS X 10.4.8 - 10.4.9 (Tiger) (Darwin 8.8.0 - 8.9.0, PowerPC) (91%), Apple Mac OS X 10.4 (Tiger) (Darwin 8.0.0) (91%), Apple Mac OS X 10.5 (Leopard) (Darwin 9.0.0) (91%), Apple Mac OS X 10.4.10 - 10.4.11 (Tiger) (Darwin 8.10.0 - 8.11.1) (90%), VxWorks 5.5 (90%), Cisco SPA 303 VoIP phone, Nortel 5520 Ethernet Routing Switch, or Sun StorageTek 6140 NAS device (89%), Epson AcuLaser C1100N printer (89%), VxWorks (89%), Enterasys Matrix E1 switch (VxWorks) (88%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 7 hops
Service Info: OS: VxWorks; CPE: cpe:/o:windriver:vxworks

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 34.80 seconds

6 REPLIES

Michael Skov2
Kilo Guru

How is the device configured? Can you discover it with SNMP or WMI?

I would then create a discovery pattern.

cynlink1
Tera Expert

Hi Michael,

Thanks for the quick response.

To configure a new device, we program in the ID/IP info on the clock itself and then ship it to the remote location/office. Once it is connected to the network (at the remote location) and the Kronos server can see it, we push the configuration from the Kronos server down to the device.

Once up and running, the Kronos InTouch 9100 devices (run Android OS) can also be remotely accessed via TightVNC as long as remote management was enabled during the initial configuration. We also use the 4500 model (Java based), and the device can be accessed via its IP using HTTPS.

Our LANDESK Management Suite and ForeScout tools are able to inventory these devices using NMAP.

--------------------------------------------------------------------------------------

Here is the XML export from ServiceNow for a time clock discovered using credential-less discovery.

<?xml version="1.0" encoding="UTF-8"?>
<unload unload_date="2018-08-03 20:14:09">
<cmdb_ci_hardware action="INSERT_OR_UPDATE">
<asset display_value="Unknown">f67b9a4bdb6f9b003669d92b5e961XXX</asset>
<asset_tag/>
<assigned/>
<assigned_to display_value=""/>
<assignment_group display_value=""/>
<attributes/>
<can_print>false</can_print>
<category/>
<change_control display_value=""/>
<checked_in/>
<checked_out/>
<comments/>
<company display_value=""/>
<correlation_id/>
<cost/>
<cost_cc>USD</cost_cc>
<cost_center display_value=""/>
<default_gateway/>
<delivery_date/>
<department display_value=""/>
<discovery_source>CredentiallessDiscovery</discovery_source>
<dns_domain/>
<due/>
<due_in/>
<fault_count>0</fault_count>
<first_discovered>2018-07-31 17:05:51</first_discovered>
<fqdn/>
<gl_account/>
<hardware_status>installed</hardware_status>
<hardware_substatus/>
<install_date/>
<install_status>1</install_status>
<invoice_number/>
<ip_address>10.10.10.226</ip_address>
<justification/>
<last_discovered>2018-08-03 06:02:07</last_discovered>
<lease_id/>
<location display_value=""/>
<mac_address/>
<maintenance_schedule display_value=""/>
<managed_by display_value=""/>
<manufacturer display_value=""/>
<model_id display_value="Unknown">a8920287dbe31300e2f13ebd7c9619ed</model_id>
<model_number/>
<monitor>false</monitor>
<name>XXX.XXX.XXX.226</name>
<operational_status>1</operational_status>
<order_date/>
<owned_by display_value=""/>
<po_number/>
<purchase_date/>
<schedule display_value=""/>
<serial_number/>
<short_description/>
<skip_sync>false</skip_sync>
<start_date/>
<subcategory/>
<support_group display_value=""/>
<supported_by display_value=""/>
<sys_class_name>cmdb_ci_hardware</sys_class_name>
<sys_class_path>/!!/!O</sys_class_path>
<sys_created_by>mid.server</sys_created_by>
<sys_created_on>2018-07-31 17:05:51</sys_created_on>
<sys_domain>global</sys_domain>
<sys_domain_path>/</sys_domain_path>
<sys_id>7e7b9a4bdb6f9b003669d92b5e9619c8</sys_id>
<sys_mod_count>0</sys_mod_count>
<sys_updated_by>mid.server</sys_updated_by>
<sys_updated_on>2018-08-03 06:02:07</sys_updated_on>
<unverified>false</unverified>
<vendor display_value=""/>
<warranty_expiration/>
</cmdb_ci_hardware>
</unload>

I would definitely contact the vendor to get info on SNMP etc. The NMAP doesn't give much as it is credentialless and you probably need SNMP access.

cynlink1
Tera Expert

I obtained the port information from Kronos - see attached. For the Kronos InTouch clocks, ports 80 or 443 are used for Web server HTTP:80, HTTPS: 443 (for usage with server-initiated protocol from Device Manager).

SNMP access is not an option.
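
Added example, not part of the thread and not ServiceNow code: with SNMP ruled out, the `nmap -sV` output posted in the question is the main source of classification data, so this sketch parses it into the attributes a custom sensor would need (OS, CPE, per-port service and version) and lists the open cleartext services worth recording on the CI. The dictionary keys and the `CLEARTEXT` set are assumptions for illustration, not CMDB column names.

```python
import re

# Lines copied from the `nmap -F -sV -O` run posted in the question above.
NMAP_OUTPUT = """\
PORT STATE SERVICE VERSION
21/tcp open ftp Tornado vxWorks ftpd 5.5.1
23/tcp open telnet VxWorks telnetd
80/tcp open http Allegro RomPager 4.52
443/tcp open ssl/https?
5432/tcp open tcpwrapped
Service Info: OS: VxWorks; CPE: cpe:/o:windriver:vxworks
"""

# port/proto, state, service name, optional free-text version banner
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")
CLEARTEXT = {"ftp", "telnet", "http"}  # assumption: services to flag for review


def parse_nmap(text):
    """Extract classification attributes from nmap normal (-sV) output."""
    result = {"os": None, "cpe": None, "services": []}
    for line in text.splitlines():
        line = line.strip()
        match = PORT_LINE.match(line)
        if match:
            port, proto, state, service, version = match.groups()
            result["services"].append({
                "port": int(port),
                "protocol": proto,
                "state": state,
                # nmap appends "?" when the service name is only a guess
                "service": service.rstrip("?"),
                "guessed": service.endswith("?"),
                "version": version or "",
            })
        elif line.startswith("Service Info:"):
            for field in line[len("Service Info:"):].split(";"):
                key, _, value = field.strip().partition(": ")
                if key == "OS":
                    result["os"] = value
                elif key == "CPE":
                    result["cpe"] = value
    return result


def cleartext_services(parsed):
    """Ports with an open service that sends credentials or data unencrypted."""
    return sorted(s["port"] for s in parsed["services"]
                  if s["state"] == "open" and s["service"] in CLEARTEXT)
```

For anything beyond a one-off check, nmap's XML output (`-oX`) is the more stable format to parse than the human-readable table.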