No any credential is created for security device

Shraddha Dube · ‎05-29-2025

Hi team,

There is one change request where for one CI credential issue is coming, after discussion change owner confirmed that the mentioned CI is virtual appliance for security device and for that there is no any credential is created for this device by Unix team.

So, could you please help me to understand how to scan this security device in CMDB table?

Thanks in advance!!

Abbas_5 · ‎05-29-2025

Hello @Shraddha Dube,

Please refer to the below links:
https://noderegister.service-now.com/kb?id=kb_article_view&sysparm_article=KB0657528

OR

To scan a security device and add it to the ServiceNow CMDB, you'll typically use a discovery process or a security scanner integration. Here's a general overview of how this can be done:

1. Discovery Methods:

MID Server:

You can use a MID Server (Managed Integration Device) to scan devices within a specific network segment, including those that might be air-gapped.
Air-gapped Systems:

For air-gapped systems, you might need to generate a report or file on the device and then manually import it into ServiceNow.
Discovery Engine:

ServiceNow's discovery engine can automatically identify and classify security devices based on their configuration and features.

2. Security Scanner Integration:

Integrate with Security Tools:

You can integrate ServiceNow with external security scanners (like Nessus or other third-party tools).
Data Connector:

Connect your ServiceNow instance to the security scanner to import vulnerability and configuration information.
Security Suite:

In ServiceNow, you can create and configure security suites to align with your specific scanning requirements.
Scanning:

Run scans regularly to identify security vulnerabilities and misconfigurations, and automatically map the findings to the corresponding CMDB records.

3. CMDB Table and Configuration Item (CI) Class:

CI Class:

Choose the appropriate CI class in ServiceNow's CMDB for the security device (e.g., "Firewall", "Intrusion Detection System").
Table:

The specific table you use will depend on the CI class. You might need to create a new table or extend an existing one if the security device doesn't fit into an existing category.

4. Post-Scan Actions:

Vulnerability Classification:

Use vulnerability classification rules to categorize vulnerabilities based on your organization's perspective.
Assignment Rules:

Set up rules to automatically assign vulnerabilities to relevant teams or workflows.
Remediation:

Plan for remediation actions based on the discovered vulnerabilities and configuration issues.

In summary, you can scan security devices by leveraging discovery engines, integrating with security scanners, and utilizing ServiceNow's CMDB to store and manage the scanned information.

If this is helpful, please hit the thumbs up button and accept the correct solution by referring to this solution in future it will be helpful to them.

Thanks & Regards,

Abbas Shaik

pratiksha5 · ‎05-29-2025

Which platform they are hosted? As it is virtual you will have to cloud discovery to get the information.

Shraddha Dube · ‎05-30-2025

Hi Pratiksha,

It is not about cloud discovery, we have one CI which is Security/ virtual appliance without any credential configuration? so my que is like how to discovered it?

Pratiksha · ‎05-30-2025

You have option to go for credential less discovery. I personally dont recommend it. Can you check with security team how do they login to this devices? I mean the protocol. Most of the appliances connect via snmp or ssh. If possible share the model details for the appliances you are trying to discover.