How to capture unauthorized changes with ServiceNow discovery?

Go to solution
Josh P1
Giga Guru

‎03-07-2019 09:50 AM

Hey all,

In a some articles and demos I have seen, it appears that there is a way to have Discovery capture and report/display unauthorized changes: a change to a CI (such as an attribute value change or the addition of a new CI) has occurred but there is no related / corresponding change ticket.

Example: server A had previously been discovered with 8gb of memory, and this value is the accepted/authorized amount.  The most recent discovery finds server A with 16gb memory; however there is no change ticket in the system that is related to server A that authorizes this addition of memory.

Unfortunately, I am having trouble figuring out the methodology that was used to do this.  Is this type of functionality/behavior achievable out of the box with the discovery plug-in?  Does this come with another plugin/module?  Or is it a custom functionality I need to implement?  (Un/Authorized changes seems like a "basic tenant" of ITIL, part of me wonder if I am not looking for right the terms in the docs?)

Thanks,

Josh

Labels:
0 Helpfuls
  • 5,459 Views
1 ACCEPTED SOLUTION

Go to solution
doug_schulze
ServiceNow Employee
ServiceNow Employee

‎03-07-2019 03:03 PM

We did this back at K16. Take a look at this lab..

View solution in original post

10 REPLIES 10

Go to solution
doug_schulze
ServiceNow Employee
ServiceNow Employee

‎03-07-2019 03:03 PM

We did this back at K16. Take a look at this lab..

Go to solution
Josh P1
Giga Guru
In response to doug_schulze

‎03-08-2019 06:35 AM

This is awesome.  Thanks Doug!

Lab 5 - Appears to provide all the answers I need.  I still have my question if using this business rule could possibly impact performance of the instance or discovery?  I would assume that this would depend on the amount of discovery done (?)...

 

Thank again,

Josh

0 Helpfuls

Go to solution
doug_schulze
ServiceNow Employee
ServiceNow Employee
In response to Josh P1

‎03-08-2019 09:31 AM

That I don't know Josh, I assume if you limit the fields it checks for unauthorized changes to it will keep it lighter.  an example you wouldn't care if 'last discovered date' changed but do care about OS version or memory

0 Helpfuls

Go to solution
Suri1
Kilo Explorer
In response to doug_schulze

‎06-15-2021 08:59 AM

Hello Doug, looks like the lab is no longer accessible. 2 years since this post, i have the same use case to solve, appreciate if you could re-share your lab for review and reference

0 Helpfuls

Go to solution
doug_schulze
ServiceNow Employee
ServiceNow Employee
In response to Suri1

‎06-15-2021 10:36 AM

Attached...

K16.zip