What elevated commands are executed by ServiceNow for Service Mapping ?

Hello Community,

I am working on configuring Service Mapping in ServiceNow and need clarity on the Unix – Enhanced ADM (ADME) probe.

From the documentation, I see that the probe requires elevated permissions to run certain commands. For example, on AIX the recommended sudoers entry is:

Cmnd_Alias ADME_CMDS=/usr/bin/netstat -Aan, /usr/sbin/lsof -iTCP -n -P
discoUser ALL=(root) NOPASSWD:ADME_CMDS
Defaults:discoUser !requiretty

Currently my user has lower level of access but i could see the processes details available in ecc_queue input details of ADME probe but those processes are not getting discovered or are not getting associated to server post discovery, what could be the reason behind this behavior?

My questions are:

• What exact commands does the Unix ADME probe execute on Linux/AIX/Solaris?

• Do I need to configure both netstat and lsof or is one sufficient?

• What information do these commands provide to Service Mapping (e.g., process‑to‑port mapping, established connections)? Or Service Mapping uses some other specific set of commands?

• Why are elevated permissions required for these commands, and are there best practices for limiting scope to only what ServiceNow needs?

I want to ensure I configure sudoers correctly so that the Discovery user has just enough privilege to run the required commands, without granting full root access.

Thanks in advance for your guidance!

Best Regards,

Pranita Bahuguni