- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2024 12:21 PM
Hello SN Community,
My company's security team has given us a requirement to identify which CIs are internet facing, and also identify which of those CIs are protected by a Web Application Firewall (WAF).
Our CMDB team is struggling to identify out-of-box sources and destinations for these types of attributes.
Have any other community members achieved this with Discovery, Service Graph Connectors, or other non-custom integrations? - if so, what did you use?
-or-
Has anyone achieved this through customization? -if so, what data sources did you use?
Thanks in advance
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-01-2024 09:56 PM
If you have CSDM framework installed, you can achieve this via Data Classification field (public)
Example: A Server can have multiple applications installed in it. If any application Data classification is public, then you may consider that as a internet facing.
So if a CI relationship contains these kind of business applications, then that CI can be considered as Internet facing.
You may also consider to use business app field audience type (but before doing anything, all these applications should be configured correctly. Need to contact the application owners to take that information)
If you don't have CSDM framework, you can see the Service(cmdb_ci_service) table.
Thanks,
Narsing
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-01-2024 05:53 AM
There are no OOTB attributes available for your questions as it depends on your company network whether you CI is "Internet faced" or not. Furthermore it is not clear what your understanding of "Internet faced" is. Does it mean that the CIs can access the Internet or can they be reached from the Internet?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-03-2024 05:57 AM
I believe they are referencing the OOB attribute - "Internet Facing" under the cmdb_ci_hardware table. They're asking if anybody has used any successfull methods of identifying what meets this criteria. I don't understant why ServiceNow has this default value set to TRUE OOB. I get what you're saying about defining this though. My organization is currently debating the criteria that defines this.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-12-2024 01:52 PM
Security is trying to identify potential entry points from the external internet to our internal network.
So internet facing = accessible from outside of our network.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-12-2024 01:58 PM
Thank you MrSmitty for pointing out the internet facing attribute in the hardware table. I had not noticed it before.
Are you aware if any SGC or out of the box discovery source has the ability to populate that attribute? I agree that True is an unreliable default value...
