Restriction on Credential or credential type for an IP Address

Pallavika Mehra
Tera Contributor

Hi,

We want to restrict an IP address to be scanned by a particular credential or credential type. For example, if an IP address belongs to a network router or a switch, then it should be scanned only by an SNMP credential and not by any other credentials.

Please let me know if there is any possible way to achieve this requirement?

Thanks, 

Pallavika

3 REPLIES

Niklas Peterson
Mega Sage

Hi,

Set up a Discovery schedule for the IP address and use a behavior to only scan SNMP. Then make sure that the IP is not included in any other schedules.

https://docs.servicenow.com/bundle/utah-it-operations-management/page/product/discovery/concept/c_Di... 

Regards,
Niklas

Rahul Kumar17
Tera Guru

Hi Pallavika,

Yes, it is possible to achieve this requirement in ServiceNow Vulnerability Response (VR) by using Credential Scanning Profiles.

Here are the steps to achieve this requirement:

  1. Create a new Credential Scanning Profile by navigating to "Vulnerability > Administration > Credential Scanning Profiles > New".
  2. In the "Conditions" tab of the Credential Scanning Profile, create a new condition to include only the Network Routers and switches based on their IP address range. For example, you can use a condition like "IP Address starts with 192.168.1." to include all devices with IP addresses in the range of 192.168.1.1 - 192.168.1.255.
  3. In the "Credentials" tab of the Credential Scanning Profile, add the SNMP credential and configure it with the appropriate settings to scan the included IP address range. You can also exclude other credentials from being used for this IP address range.
  4. Save the Credential Scanning Profile.

Once the Credential Scanning Profile is created, you can associate it with a Vulnerability Scan Schedule or a Vulnerability Scan Target to ensure that the included IP address range is scanned only with the SNMP credential and not with any other credentials.

Note that this approach assumes that you have already configured the appropriate SNMP credential and have tested it successfully to scan the Network Routers and switches.

Thanks,

Rahul Kumar

If my response helped please mark it correct and close the thread.

pratiksha5
Mega Sage

Hi, you can do this only if you know which IP ranges will be suitable for the respective class. Now say you know 10.1.1.12 - 10.1.1.78 is an SNMP device. You can create a behaviour:

  1. Go to the ServiceNow Discovery application and navigate to the "Behaviors" module.

  2. Click on the "New Behavior" button to create a new behavior.

  3. In the behavior form, enter a name for the behavior and select "SNMP" as the discovery method.

  4. Under the "Discovery Schedule" section, select the frequency and timing for the discovery to run.

  5. In the "IP Address Range" section, specify the IP address range for the SNMP devices you want to discover. You can use CIDR notation to specify a range of IP addresses.

  6. Under the "Credentials" section, enter the SNMP community string to use for the discovery.

  7. Click on the "Save" button to save the behavior.

Once the behavior is saved, you can run a Discovery schedule to start discovering SNMP devices based on the configured behavior. The Discovery process will scan the specified IP address range and use SNMP to gather information about the discovered devices. Any devices that are not SNMP-enabled will not be discovered as part of this behavior.
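
The replies above depend on the SNMP-only range not being included in any other Discovery schedule. The following check for that is an added example, not part of the thread and not ServiceNow code. It assumes the schedules' IP ranges have been copied by hand into a dictionary; the schedule names and every range except 10.1.1.12 - 10.1.1.78 are constructed.

```python
import ipaddress

# Constructed sample: schedule name -> IP ranges copied from each schedule.
SCHEDULES = {
    "SNMP-only network gear": ["10.1.1.12 - 10.1.1.78"],
    "Datacenter servers": ["10.1.2.0/24", "10.1.1.64/28"],
    "Branch office": ["10.2.0.0/16"],
    "Legacy single host": ["10.1.1.12"],
}


def to_span(spec):
    """Parse 'a.b.c.d', 'a.b.c.d/nn' or 'a.b.c.d - e.f.g.h' into (first, last) integers."""
    spec = spec.strip()
    if "-" in spec:
        lo, hi = (int(ipaddress.IPv4Address(p.strip())) for p in spec.split("-", 1))
        if lo > hi:
            raise ValueError(f"range start is after range end: {spec}")
        return lo, hi
    # A bare address parses as a /32 network; strict=False tolerates host bits in a CIDR.
    net = ipaddress.IPv4Network(spec, strict=False)
    return int(net.network_address), int(net.broadcast_address)


def conflicting_schedules(restricted_name, schedules):
    """List (schedule, first_ip, last_ip) for every other schedule that overlaps
    the restricted schedule, i.e. addresses that could still be probed with
    credentials other than the intended one."""
    restricted = [to_span(s) for s in schedules[restricted_name]]
    hits = []
    for name, specs in schedules.items():
        if name == restricted_name:
            continue
        for spec in specs:
            lo, hi = to_span(spec)
            for r_lo, r_hi in restricted:
                first, last = max(lo, r_lo), min(hi, r_hi)
                if first <= last:  # the two spans share at least one address
                    hits.append((name,
                                 str(ipaddress.IPv4Address(first)),
                                 str(ipaddress.IPv4Address(last))))
    return hits


if __name__ == "__main__":
    for name, first, last in conflicting_schedules("SNMP-only network gear", SCHEDULES):
        print(f"{name}: also covers {first} - {last}")
```

Any schedule reported here needs its range trimmed or excluded before the SNMP-only restriction actually holds for those addresses.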