Operational Technology asset created by Discovery of IT CI

Kiril Petrov · ‎08-11-2022

Hi all, I have a situation where while discovering Linux servers, OT assets are created in cmdb_ot_entity table. I am trying to understand why it is happening. Here is what I did to recreate the case.

I got a Ubuntu VM , created a new non root user and discovered the machine in my PDI.

Used command sudo usermod -aG "username" for the rights. Credentials got validated and there is no issue message for users permissions in the instance after discovering the vm. I read that Discovery for OT plugin when activated checks for every discovered CI if there is a similar one in cmdb_ot_entity table by event. If there is not then a new record is credated.

Why do we have OT Asset created on server discovery?

Can I suppress this behavior somehow ?

Any explanation will be useful.

Thanks in advance !

Fabian Kunzke · ‎08-12-2022

Hello,

when activating the OT discovery, this is the expected behaviour. OT assets are - as you have stated - automatically created after the discovery was run. This is triggered by the "discovery.device.complete" system event.

If you want to disable that logic - or customise it - you will have to find the matching event handler/script action in your instance. You will find all the ones reacting to the "discovery.device.complete" event here: INSTANCE_URL/nav_to.do?uri=%2Fsysevent_script_action_list.do%3Fsysparm_query%3Devent_nameSTARTSWITHdiscovery.device.complete%26sysparm_first_row%3D1%26sysparm_view%3D%26sysparm_choice_query_raw%3D%26sysparm_list_header_search%3Dtrue

Hope this helps,
Regards
Fabian

View solution in original post

Fabian Kunzke · ‎08-12-2022

Hello,

when activating the OT discovery, this is the expected behaviour. OT assets are - as you have stated - automatically created after the discovery was run. This is triggered by the "discovery.device.complete" system event.

If you want to disable that logic - or customise it - you will have to find the matching event handler/script action in your instance. You will find all the ones reacting to the "discovery.device.complete" event here: INSTANCE_URL/nav_to.do?uri=%2Fsysevent_script_action_list.do%3Fsysparm_query%3Devent_nameSTARTSWITHdiscovery.device.complete%26sysparm_first_row%3D1%26sysparm_view%3D%26sysparm_choice_query_raw%3D%26sysparm_list_header_search%3Dtrue

Hope this helps,
Regards
Fabian

Kiril Petrov · ‎08-12-2022

Hello and thank you for the explanation.

Do you know why only Linux Discoveries are populating the cmdb_ci_ot_entity table? Windows and network discoveries are not.

We did those and only Linux is present in OT tables.

Regards

Fabian Kunzke · ‎08-12-2022

Hi,

That is a very interesting question. I would actually have to check the code for that. The documentation hints, that all hardware can be linked to an OT asset, so i would have assumed that this happens with windows and networkdevices as well.

On the other hand, Unix based systems are more likely to be used in manufacturing processes than a MacBook, so maybe there is some more logic behind it filtering it. I will check on it, but for now i am just as surprised as you are.

Regards

Fabian

Kiril Petrov · ‎08-16-2022

Hi Fabian, do you by any chance got any information regarding this specific behavior?

Thanks !