‎07-18-2022 08:00 AM
We have a lot of global IP address lists in ServiceNow split between IP Lists, IP Ranges and IP Subnets.
Is it possible to provide a list of IP addresses and see if it is in a global IP exclusion list and which one?
‎07-19-2022 05:49 AM
Hi
I have a script to do what I want. It's very horrible and can easily be optimised (and better commented) but it's just for a one time run for now. The main issue was the fact IP Exclusion lists can be IP Lists, IP Subnets, or IP ranges and they are all stored in different tables
In this script, I put the IP addresses I want to check in the array "ipAddress", and at the end I print out the results. This prints each IP address and the IP Exclusion list it's in. (Note: there is one entry for each exclusion list the IP address is in, so if it's in two lists you will see:
192.168.0.0 : Exclusion list 1
192.168.0.0 : Exclusion list 2
)
The code I used is below:
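/**
 * Convert a dotted-quad IPv4 address into a 32-bit integer.
 *
 * The result is a signed 32-bit value, so addresses from 128.0.0.0 upwards
 * come back negative. That is fine for bitwise mask comparisons; apply
 * `>>> 0` before any ordering comparison (<, >).
 *
 * @param {*} IPaddress - Address as a string, or any value whose string form
 *   is a dotted quad. Callers on this page pass GlideRecord fields, which
 *   may not be plain strings, so the value is coerced before matching.
 * @returns {?number} The address as a signed 32-bit integer, or null when
 *   the input is not four decimal octets in the range 0-255.
 */
function IPnumber(IPaddress) {
  var octets = String(IPaddress).match(/^(\d+)\.(\d+)\.(\d+)\.(\d+)$/);
  if (!octets) {
    return null;
  }

  var value = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(octets[i], 10);
    // Reject 256 and above: shifted in, it would corrupt the neighbouring
    // octet and make an invalid address compare equal to a valid one.
    if (octet > 255) {
      return null;
    }
    value = (value << 8) | octet;
  }
  return value;
}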
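/**
 * Build the 32-bit network mask for a CIDR prefix length.
 *
 * @param {*} maskSize - Prefix length in bits (expected 0-32), as a number
 *   or a value whose string form is a decimal number. Values outside 0-32
 *   are not validated here.
 * @returns {number} The mask as a signed 32-bit integer
 *   (for example 24 gives -256, i.e. 255.255.255.0).
 */
function IPmask(maskSize) {
  var prefixLength = parseInt(String(maskSize), 10);
  // JavaScript shift counts wrap modulo 32, so `-1 << 32` evaluates to -1.
  // Without this guard a /0 prefix would behave like a /32 mask.
  if (prefixLength === 0) {
    return 0;
  }
  return -1 << (32 - prefixLength);
}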
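/**
 * Report whether an IPv4 address lies inside an inclusive start/end range.
 *
 * Addresses are compared as unsigned 32-bit numbers. Building them with
 * `<<` alone yields signed values, which makes every address from
 * 128.0.0.0 upwards sort below 0.0.0.0 and breaks ranges that cross that
 * boundary.
 *
 * @param {*} ip - Address to test (string, or a value whose string form is
 *   a dotted quad).
 * @param {*} lowerBound - First address of the range, inclusive.
 * @param {*} upperBound - Last address of the range, inclusive.
 * @returns {boolean} true when lowerBound <= ip <= upperBound; false when
 *   the address is outside the range or any argument is not a valid
 *   dotted quad.
 */
function isWithinRange(ip, lowerBound, upperBound) {
  // Parse one dotted quad into an unsigned number, or null if malformed.
  function toUnsigned(address) {
    var parts = String(address).split('.');
    if (parts.length !== 4) {
      return null;
    }
    var value = 0;
    for (var i = 0; i < parts.length; i++) {
      if (!/^\d+$/.test(parts[i])) {
        return null;
      }
      // Explicit radix: older engines read a leading zero as octal.
      var octet = parseInt(parts[i], 10);
      if (octet > 255) {
        return null;
      }
      // Multiply instead of shifting so the total never goes negative.
      value = value * 256 + octet;
    }
    return value;
  }

  var target = toUnsigned(ip);
  var low = toUnsigned(lowerBound);
  var high = toUnsigned(upperBound);
  if (target === null || low === null || high === null) {
    return false;
  }
  return target >= low && target <= high;
}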
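// Background script: for every address in `ipAddress`, report each active
// IP exclusion list that contains it. Uses IPnumber(), IPmask() and
// isWithinRange() defined earlier in this script.
//
// A wrong answer here misreports which addresses are exempt, so each
// collection type (list, range, subnet) is checked independently and every
// hit is recorded under the exclusion's own name.

// List of IP addresses to check
var ipAddress = [
  "10.4.76.158"
];
var results = [];

for (var address = 0; address < ipAddress.length; address++) {
  var candidate = ipAddress[address];
  gs.print(candidate);

  // get the list of all active IP exclusion lists
  var exclusionLists = new GlideRecord('ip_exclusion');
  exclusionLists.addActiveQuery();
  exclusionLists.query();

  // check each exclusion list for the IP address behind it
  while (exclusionLists.next()) {
    // Copy to a plain string so the name survives the next .next() call.
    var exclusionName = '' + exclusionLists.ip_excluded.getDisplayValue();

    // NOTE(review): each lookup below inspects only the first record with
    // this name - confirm collection names are unique in your instance.

    // Case 1: the exclusion points at an IP address list.
    var ipAddressList = new GlideRecord('ip_address_list');
    ipAddressList.addQuery('name', exclusionName);
    ipAddressList.query();
    if (ipAddressList.next()) {
      gs.print("Address List Here " + ipAddressList.name);
      gs.print(candidate);
      var addressList = new GlideRecord('ip_address_list_item_m2m');
      addressList.addQuery('ip_address_list.name', exclusionName);
      addressList.addQuery('ip_address_item.name', candidate);
      addressList.query();
      if (addressList.next()) {
        gs.print(ipAddressList.name);
        results.push({
          key: candidate,
          value: '' + ipAddressList.name
        });
      }
    }

    // Case 2: the exclusion points at an IP address range.
    // This check used to sit inside the address-list branch, so it only ran
    // when an ip_address_list with the same name existed.
    // NOTE(review): assumes the three tables are looked up independently by
    // name - confirm against your instance's schema.
    var ipAddressRange = new GlideRecord('ip_address_range');
    ipAddressRange.addQuery('name', exclusionName);
    ipAddressRange.query();
    if (ipAddressRange.next()) {
      // Coerce the fields to strings before handing them to the helper.
      var start = '' + ipAddressRange.start_ip;
      var end = '' + ipAddressRange.end_ip;
      if (isWithinRange(candidate, start, end)) {
        // Record the exclusion's name; the previous code read it from the
        // list-item record, which holds no row on this path.
        results.push({
          key: candidate,
          value: exclusionName
        });
      }
    }

    // Case 3: the exclusion points at an IP address subnet.
    var ipAddressSubnet = new GlideRecord('ip_address_subnet');
    ipAddressSubnet.addQuery('name', exclusionName);
    ipAddressSubnet.query();
    if (ipAddressSubnet.next()) {
      var network = IPnumber('' + ipAddressSubnet.network_ip);
      var candidateNumber = IPnumber(candidate);
      // NOTE(review): treats `netmask` as a prefix length in bits, as the
      // original call to IPmask() did - confirm the field's format.
      var prefixLength = parseInt('' + ipAddressSubnet.netmask, 10);
      if (network !== null && candidateNumber !== null && !isNaN(prefixLength)) {
        var mask = IPmask(prefixLength);
        // Mask BOTH sides and parenthesise: `==` binds tighter than `&`, so
        // the unparenthesised form compared the mask with the address and
        // never tested subnet membership.
        if ((network & mask) === (candidateNumber & mask)) {
          results.push({
            key: candidate,
            value: exclusionName
          });
        }
      }
    }
  }
}

var str = JSON.stringify(results, null, 4);
gs.print(str);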

‎07-18-2022 04:26 PM
Hi Stephen,
Please check this doc if it is helpful:
https://docs.servicenow.com/bundle/sandiego-it-operations-management/page/product/discovery/referenc...
Mark Correct or Helpful if it helps.
***Mark Correct or Helpful if it helps.***
‎07-19-2022 01:06 AM
Hello Yousaf
Thank you for the response. I believe this article is saying how to add a global IP Address list.
We have about 100 IP exclusion lists (each for different purposes). In the question I asked about finding out for 1 IP address if it's excluded and which list just to simplify the question here.
However, I have about 1000 IP addresses and I'd like an output of
IP address 1 : Not excluded
IP address 2: excluded by <exclusion list>
and so on, because I have a business need to know whether each one is excluded and why (i.e. which IP exclusion list it's in).
‎07-19-2022 05:49 AM
Hi
I have a script to do what I want. It's very horrible and can easily be optimised (and better commented) but it's just for a one time run for now. The main issue was the fact IP Exclusion lists can be IP Lists, IP Subnets, or IP ranges and they are all stored in different tables
In this script, I put the IP addresses I want to check in the array "ipAddress", and at the end I print out the results. This prints each IP address and the IP Exclusion list it's in. (Note: there is one entry for each exclusion list the IP address is in, so if it's in two lists you will see:
192.168.0.0 : Exclusion list 1
192.168.0.0 : Exclusion list 2
)
The code I used is below:
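/**
 * Convert a dotted-quad IPv4 address into a 32-bit integer.
 *
 * The result is a signed 32-bit value, so addresses from 128.0.0.0 upwards
 * come back negative. That is fine for bitwise mask comparisons; apply
 * `>>> 0` before any ordering comparison (<, >).
 *
 * @param {*} IPaddress - Address as a string, or any value whose string form
 *   is a dotted quad. Callers on this page pass GlideRecord fields, which
 *   may not be plain strings, so the value is coerced before matching.
 * @returns {?number} The address as a signed 32-bit integer, or null when
 *   the input is not four decimal octets in the range 0-255.
 */
function IPnumber(IPaddress) {
  var octets = String(IPaddress).match(/^(\d+)\.(\d+)\.(\d+)\.(\d+)$/);
  if (!octets) {
    return null;
  }

  var value = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(octets[i], 10);
    // Reject 256 and above: shifted in, it would corrupt the neighbouring
    // octet and make an invalid address compare equal to a valid one.
    if (octet > 255) {
      return null;
    }
    value = (value << 8) | octet;
  }
  return value;
}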
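/**
 * Build the 32-bit network mask for a CIDR prefix length.
 *
 * @param {*} maskSize - Prefix length in bits (expected 0-32), as a number
 *   or a value whose string form is a decimal number. Values outside 0-32
 *   are not validated here.
 * @returns {number} The mask as a signed 32-bit integer
 *   (for example 24 gives -256, i.e. 255.255.255.0).
 */
function IPmask(maskSize) {
  var prefixLength = parseInt(String(maskSize), 10);
  // JavaScript shift counts wrap modulo 32, so `-1 << 32` evaluates to -1.
  // Without this guard a /0 prefix would behave like a /32 mask.
  if (prefixLength === 0) {
    return 0;
  }
  return -1 << (32 - prefixLength);
}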
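/**
 * Report whether an IPv4 address lies inside an inclusive start/end range.
 *
 * Addresses are compared as unsigned 32-bit numbers. Building them with
 * `<<` alone yields signed values, which makes every address from
 * 128.0.0.0 upwards sort below 0.0.0.0 and breaks ranges that cross that
 * boundary.
 *
 * @param {*} ip - Address to test (string, or a value whose string form is
 *   a dotted quad).
 * @param {*} lowerBound - First address of the range, inclusive.
 * @param {*} upperBound - Last address of the range, inclusive.
 * @returns {boolean} true when lowerBound <= ip <= upperBound; false when
 *   the address is outside the range or any argument is not a valid
 *   dotted quad.
 */
function isWithinRange(ip, lowerBound, upperBound) {
  // Parse one dotted quad into an unsigned number, or null if malformed.
  function toUnsigned(address) {
    var parts = String(address).split('.');
    if (parts.length !== 4) {
      return null;
    }
    var value = 0;
    for (var i = 0; i < parts.length; i++) {
      if (!/^\d+$/.test(parts[i])) {
        return null;
      }
      // Explicit radix: older engines read a leading zero as octal.
      var octet = parseInt(parts[i], 10);
      if (octet > 255) {
        return null;
      }
      // Multiply instead of shifting so the total never goes negative.
      value = value * 256 + octet;
    }
    return value;
  }

  var target = toUnsigned(ip);
  var low = toUnsigned(lowerBound);
  var high = toUnsigned(upperBound);
  if (target === null || low === null || high === null) {
    return false;
  }
  return target >= low && target <= high;
}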
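// Background script: for every address in `ipAddress`, report each active
// IP exclusion list that contains it. Uses IPnumber(), IPmask() and
// isWithinRange() defined earlier in this script.
//
// A wrong answer here misreports which addresses are exempt, so each
// collection type (list, range, subnet) is checked independently and every
// hit is recorded under the exclusion's own name.

// List of IP addresses to check
var ipAddress = [
  "10.4.76.158"
];
var results = [];

for (var address = 0; address < ipAddress.length; address++) {
  var candidate = ipAddress[address];
  gs.print(candidate);

  // get the list of all active IP exclusion lists
  var exclusionLists = new GlideRecord('ip_exclusion');
  exclusionLists.addActiveQuery();
  exclusionLists.query();

  // check each exclusion list for the IP address behind it
  while (exclusionLists.next()) {
    // Copy to a plain string so the name survives the next .next() call.
    var exclusionName = '' + exclusionLists.ip_excluded.getDisplayValue();

    // NOTE(review): each lookup below inspects only the first record with
    // this name - confirm collection names are unique in your instance.

    // Case 1: the exclusion points at an IP address list.
    var ipAddressList = new GlideRecord('ip_address_list');
    ipAddressList.addQuery('name', exclusionName);
    ipAddressList.query();
    if (ipAddressList.next()) {
      gs.print("Address List Here " + ipAddressList.name);
      gs.print(candidate);
      var addressList = new GlideRecord('ip_address_list_item_m2m');
      addressList.addQuery('ip_address_list.name', exclusionName);
      addressList.addQuery('ip_address_item.name', candidate);
      addressList.query();
      if (addressList.next()) {
        gs.print(ipAddressList.name);
        results.push({
          key: candidate,
          value: '' + ipAddressList.name
        });
      }
    }

    // Case 2: the exclusion points at an IP address range.
    // This check used to sit inside the address-list branch, so it only ran
    // when an ip_address_list with the same name existed.
    // NOTE(review): assumes the three tables are looked up independently by
    // name - confirm against your instance's schema.
    var ipAddressRange = new GlideRecord('ip_address_range');
    ipAddressRange.addQuery('name', exclusionName);
    ipAddressRange.query();
    if (ipAddressRange.next()) {
      // Coerce the fields to strings before handing them to the helper.
      var start = '' + ipAddressRange.start_ip;
      var end = '' + ipAddressRange.end_ip;
      if (isWithinRange(candidate, start, end)) {
        // Record the exclusion's name; the previous code read it from the
        // list-item record, which holds no row on this path.
        results.push({
          key: candidate,
          value: exclusionName
        });
      }
    }

    // Case 3: the exclusion points at an IP address subnet.
    var ipAddressSubnet = new GlideRecord('ip_address_subnet');
    ipAddressSubnet.addQuery('name', exclusionName);
    ipAddressSubnet.query();
    if (ipAddressSubnet.next()) {
      var network = IPnumber('' + ipAddressSubnet.network_ip);
      var candidateNumber = IPnumber(candidate);
      // NOTE(review): treats `netmask` as a prefix length in bits, as the
      // original call to IPmask() did - confirm the field's format.
      var prefixLength = parseInt('' + ipAddressSubnet.netmask, 10);
      if (network !== null && candidateNumber !== null && !isNaN(prefixLength)) {
        var mask = IPmask(prefixLength);
        // Mask BOTH sides and parenthesise: `==` binds tighter than `&`, so
        // the unparenthesised form compared the mask with the address and
        // never tested subnet membership.
        if ((network & mask) === (candidateNumber & mask)) {
          results.push({
            key: candidate,
            value: exclusionName
          });
        }
      }
    }
  }
}

var str = JSON.stringify(results, null, 4);
gs.print(str);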