How to Identify Actual Devices vs Secondary IPs in Credential-less ServiceNow Discovery
2 hours ago
We are currently implementing ServiceNow Discovery for a customer on the Yokohama release.
When ServiceNow Discovery runs with valid credentials, servers are discovered successfully. Discovery is able to collect detailed OS-level and network interface information and accurately identify, classify, and update all associated primary and secondary IP addresses in the CMDB. However, for devices present on the network without credentials, Discovery is limited to basic, network-level identification. Credential-less discovery cannot determine whether these IP addresses represent standalone devices or secondary IPs associated with existing servers.
When this was raised with the Infrastructure team, they indicated that many of these “unknown devices” are not actual devices, but rather secondary IPs bound to different network interfaces on the same server. Additionally, the Infrastructure team does not have complete visibility into whether Group Policies (GPOs) are applied across all devices, which further limits their ability to track and manage these assets.
Despite these challenges, the customer would like comprehensive visibility into unknown or unmanaged devices on the network, including operating system details. We understand that ownership and validation of these assets ultimately rest with the customer; however, we would like to support them in achieving this vision.
To address this requirement, we have developed a script using Nmap to identify operating system details through OS fingerprinting and to resolve hostnames using nslookup. However, secondary IP addresses remain a challenge, as they typically do not have corresponding DNS or domain entries. As a result, we are unable to reliably differentiate actual devices from secondary IPs, which leads to inflated device counts.
We have requested a source of truth from Active Directory, monitoring tools, or an NMS export to establish a baseline and reconcile discovered data. However, the customer is keen to understand the strategic approach followed by other organizations to solve this problem at scale.
We recognize that the long-term solution requires strong governance and ownership; however, given the customer’s interest in actively addressing this challenge, we are exploring whether there is a technical approach that can complement governance and help them move toward their target state.
Could someone suggest an approach to identify devices along with their operating systems (so they can be routed to the appropriate Windows or Linux SPOC) that are hidden on the network, have no credentials applied, and have no clear ownership, while avoiding overcounting caused by secondary IP addresses?
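The reconciliation against a source-of-truth export that the post describes, as an added example that is not part of the original post. It assumes the baseline export and the credential-less scan rows both carry MAC addresses (a scanner only sees MACs on its own layer-2 segment); all field names, hosts and addresses are constructed.

```python
from collections import defaultdict

# Constructed baseline: (CI name, IP, MAC) rows, as might be exported from
# credentialed Discovery, Active Directory or an NMS. All values are made up.
BASELINE = [
    ("srv-app01", "10.0.0.10", "00:50:56:aa:00:01"),
    ("srv-app01", "10.0.0.11", "00:50:56:aa:00:01"),
    ("srv-db01", "10.0.0.20", "00:50:56:aa:00:02"),
]

# Constructed credential-less scan rows (OS guess from fingerprinting).
SCAN = [
    {"ip": "10.0.0.11", "mac": "00:50:56:aa:00:01", "os": "Microsoft Windows Server 2019"},
    {"ip": "10.0.0.21", "mac": "00:50:56:AA:00:02", "os": "Linux 5.x"},
    {"ip": "10.0.0.30", "mac": "00:50:56:aa:00:09", "os": "Linux 4.x"},
    {"ip": "10.0.0.31", "mac": "00:50:56:aa:00:09", "os": "Linux 4.x"},
    {"ip": "10.9.0.5", "mac": None, "os": "Microsoft Windows 10"},
]

def route(os_guess):
    """Map an OS fingerprint string to the team that should own triage."""
    guess = (os_guess or "").lower()
    if "windows" in guess:
        return "Windows SPOC"
    return "Linux SPOC" if "linux" in guess else "Unclassified"

def reconcile(scan, baseline):
    """Split scan rows into secondary IPs of known CIs and candidate devices."""
    ip_to_ci = {ip: ci for ci, ip, _ in baseline}
    mac_to_ci = {mac.lower(): ci for ci, _, mac in baseline if mac}
    secondary = {}
    devices = defaultdict(lambda: {"ips": [], "os": None})
    for row in scan:
        mac = row["mac"].lower() if row.get("mac") else None
        # Known IP, or an unlisted IP answering from a known NIC: same server.
        ci = ip_to_ci.get(row["ip"]) or (mac_to_ci.get(mac) if mac else None)
        if ci:
            secondary[row["ip"]] = ci
            continue
        # Unknown: IPs sharing a MAC count once; without a MAC, one per IP.
        key = mac or row["ip"]
        devices[key]["ips"].append(row["ip"])
        devices[key]["os"] = devices[key]["os"] or row.get("os")
    for dev in devices.values():
        dev["spoc"] = route(dev["os"])
    return secondary, dict(devices)
```

Rows without a MAC (routed segments) still fall back to one candidate per IP, so those counts remain an upper bound until a baseline covers them.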
