ServiceNow auto discovery

Imran Shad
Mega Expert

Hello all,

I wish if someone could share the best practice for discovering servers through ServiceNow discovery. We have multiple MID servers deployed in our environment. The service id attached to these mid servers for server scanning is currently granted WMI access to all servers however to make that work the requirement of local admin for the service id was required. I am wondering if this poses any security issue. 

 

Thank you.

1 ACCEPTED SOLUTION

VivekSattanatha
Mega Sage
Mega Sage

Hi Imran,

 

The local admin creds are required for ServiceNow to gather most of the information. If have a plan to do a proper discovery and plan to do Servicemapping in a later phase then it's good to have local admin creds.

There is a way to use JEA from Microsoft if your company thinks of local admin as a security issue.

https://docs.servicenow.com/bundle/sandiego-it-operations-management/page/product/discovery/concept/microsoft-jea-discovery.html

From my experience, many clients initially fear to give it but they would have given the local admin creds for some monitoring tools. If that's the case then ServiceNow also can use those creds. In another way, you can limit the access of discovery admin role and admin roled users in the instance for misusing these credentials from the instance.

 

Regards,

Vivek

View solution in original post

6 REPLIES 6

Anshu_Anand_
Kilo Sage
Kilo Sage

The credentials for discovery are stored in credentials table of servicenow and in encrypted format.

So no security issue from servicenow side.

I am using many local admin credentials for many servers or group of servers with same password.

As long as password is complex, change from time to time and not shared with anyone, its good.

For linux servers, we have a schedule that after 90 days password expires and it needs to be changed.

Hope its helpful

 

 

Regards,
Anshu

Just wanted to confirm again, Isn't granting WMI access to all servers pose any security risks?

There will be no threats as i have been using discovery since a long time.

discovering 7k-8k windows servers

Regards,
Anshu

VivekSattanatha
Mega Sage
Mega Sage

Hi Imran,

 

The local admin creds are required for ServiceNow to gather most of the information. If have a plan to do a proper discovery and plan to do Servicemapping in a later phase then it's good to have local admin creds.

There is a way to use JEA from Microsoft if your company thinks of local admin as a security issue.

https://docs.servicenow.com/bundle/sandiego-it-operations-management/page/product/discovery/concept/microsoft-jea-discovery.html

From my experience, many clients initially fear to give it but they would have given the local admin creds for some monitoring tools. If that's the case then ServiceNow also can use those creds. In another way, you can limit the access of discovery admin role and admin roled users in the instance for misusing these credentials from the instance.

 

Regards,

Vivek