Is there a way to exclude IP addresses from being scanned by any Schedule, even Quick Discovery?

Curtis_Myers
Tera Expert

We have multiple IP addresses located in multiple ranges that we want to be excluded from being scanned by any schedule and, if possible, even Quick Discovery. Is this possible?

1 ACCEPTED SOLUTION

bernyalvarado
Mega Sage

Hi Curtis,



A little bit of customization will be required to prevent a quick discovery or any discovery from taking place over an IP that's within an exclusion list.



1- You will first need to define where you want to store your exclusion list. You can choose to use the OOB table or you may want to create your own.


2- You will need to modify the logic that executes the Discovery. Both quick discovery and discovery schedules rely on the core script include Discovery to execute their discovery routines. You need to be careful and very much aware of what you're doing when you take ownership of this script include, since upgrades from ServiceNow to this script will be skipped, so you'd better make sure the review and required merges for each upgrade are done as needed. You may also want to choose to only affect the logic that involves the Quick Discovery; if so, you could choose to modify the UI page quick_discovery and/or the script include DiscoveryAjax. Still, the same warning regarding taking ownership of the script applies.



Thanks,


Berny
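
The exclusion check described in the accepted solution, as an added example that is not part of the original post and is not ServiceNow code: plain JavaScript that decides whether a target IPv4 address falls inside an exclusion list. The entry formats (single IP, CIDR, `start-end` range), the function names and the fail-closed behaviour are assumptions, and no ServiceNow API is called.

```javascript
// Added example (hypothetical helper names). IPv4 only.
// Convert a dotted-quad address to an unsigned 32-bit number; null if malformed.
function ipToInt(ip) {
  var parts = String(ip).trim().split('.');
  if (parts.length !== 4) return null;
  var n = 0;
  for (var i = 0; i < 4; i++) {
    if (!/^\d{1,3}$/.test(parts[i])) return null;
    var octet = parseInt(parts[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// Turn one exclusion entry into an inclusive {lo, hi} range; null if unparseable.
function parseEntry(entry) {
  var s = String(entry).trim(), lo, hi;
  if (s.indexOf('/') !== -1) {                 // CIDR block, e.g. 192.168.50.0/24
    var cidr = s.split('/');
    var base = ipToInt(cidr[0]);
    if (base === null || cidr.length !== 2 || !/^\d{1,2}$/.test(cidr[1])) return null;
    var bits = parseInt(cidr[1], 10);
    if (bits > 32) return null;
    var size = Math.pow(2, 32 - bits);         // number of addresses in the block
    lo = Math.floor(base / size) * size;       // align to the network address
    hi = lo + size - 1;
  } else if (s.indexOf('-') !== -1) {          // explicit range, e.g. a.b.c.d-e.f.g.h
    var ends = s.split('-');
    if (ends.length !== 2) return null;
    lo = ipToInt(ends[0]);
    hi = ipToInt(ends[1]);
  } else {                                     // single address
    lo = hi = ipToInt(s);
  }
  if (lo === null || hi === null || lo > hi) return null;
  return { lo: lo, hi: hi };
}

// Fail closed: a malformed target or a malformed exclusion entry blocks the scan,
// so a typo in the list cannot silently expose a sensitive device.
function isExcluded(targetIp, exclusionList) {
  var t = ipToInt(targetIp);
  if (t === null) return true;
  for (var i = 0; i < exclusionList.length; i++) {
    var r = parseEntry(exclusionList[i]);
    if (r === null || (t >= r.lo && t <= r.hi)) return true;
  }
  return false;
}
```

The check belongs before a target is handed to the discovery routine, so that both scheduled and quick discovery pass through it.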



8 REPLIES

Hi Berny, 

Has this been added to any recent release (e.g. Paris, Rome, etc.)?

If not, can you provide details on how to do this?

We have "sensitive" devices that can't be discovered (including scheduled and quick discovery jobs).

 

Thanks

JC

 

Hi JC, great question! You may want to give the IP address access control (https://docs.servicenow.com/bundle/quebec-platform-administration/page/administer/login/task/t_AccessControl.html) a try by setting an outbound deny rule for the IP / IP range.

I strongly recommend you first try this in a developer instance against an IP you have previously confirmed you can access. Make sure you set up the rules properly and you're not affecting other IPs you should be able to discover.

Give it a try and please let me know how it goes 🙂 

Thanks,

Berny

 

 

bernyalvarado
Mega Sage

Curtis.Myers I hope this helps. Please don't hesitate to ask if you have any further questions.



Thanks,


Berny


bernyalvarado
Mega Sage

Hi @Curtis.Myers, do you have any further questions?



Do you believe you can close this thread by marking the responses as helpful/correct?



Thanks,


Berny