Operational Technology asset created by Discovery of IT CI

Kiril Petrov
Kilo Contributor

Hi all, I have a situation where while discovering Linux servers, OT assets are created in cmdb_ot_entity table. I am trying to understand why it is happening. Here is what I did to recreate the case. 

I got a Ubuntu VM , created a new non root user and discovered the machine in my PDI. 

Used command sudo usermod -aG "username" for the rights. Credentials got validated and there is no issue message for users permissions in the instance after discovering the vm. I read that Discovery for OT plugin when activated checks for every discovered CI if there is a similar one in cmdb_ot_entity table by event. If there is not then a new record is credated.

Why  do we have OT Asset created on server discovery?

find_real_file.png

Can I suppress this behavior somehow ?

Any explanation will be useful. 

Thanks in advance !

 

1 ACCEPTED SOLUTION

Fabian Kunzke
Kilo Sage
Kilo Sage

Hello,

when activating the OT discovery, this is the expected behaviour. OT assets are - as you have stated - automatically created after the discovery was run. This is triggered by the "discovery.device.complete" system event.

If you want to disable that logic - or customise it - you will have to find the matching event handler/script action in your instance. You will find all the ones reacting to the "discovery.device.complete" event here: INSTANCE_URL/nav_to.do?uri=%2Fsysevent_script_action_list.do%3Fsysparm_query%3Devent_nameSTARTSWITHdiscovery.device.complete%26sysparm_first_row%3D1%26sysparm_view%3D%26sysparm_choice_query_raw%3D%26sysparm_list_header_search%3Dtrue

Hope this helps,
Regards
Fabian

View solution in original post

5 REPLIES 5

Fabian Kunzke
Kilo Sage
Kilo Sage

Hello,

when activating the OT discovery, this is the expected behaviour. OT assets are - as you have stated - automatically created after the discovery was run. This is triggered by the "discovery.device.complete" system event.

If you want to disable that logic - or customise it - you will have to find the matching event handler/script action in your instance. You will find all the ones reacting to the "discovery.device.complete" event here: INSTANCE_URL/nav_to.do?uri=%2Fsysevent_script_action_list.do%3Fsysparm_query%3Devent_nameSTARTSWITHdiscovery.device.complete%26sysparm_first_row%3D1%26sysparm_view%3D%26sysparm_choice_query_raw%3D%26sysparm_list_header_search%3Dtrue

Hope this helps,
Regards
Fabian

Kiril Petrov
Kilo Contributor

Hello and thank you for the explanation. 

Do you know why only Linux Discoveries are populating the cmdb_ci_ot_entity table? Windows and network discoveries are not. 

We did those and only Linux is present in OT tables. 

Regards

Hi,

That is a very interesting question. I would actually have to check the code for that. The documentation hints, that all hardware can be linked to an OT asset, so i would have assumed that this happens with windows and networkdevices as well.

On the other hand, Unix based systems are more likely to be used in manufacturing processes than a MacBook, so maybe there is some more logic behind it filtering it. I will check on it, but for now i am just as surprised as you are.

Regards

Fabian

Kiril Petrov
Kilo Contributor

Hi Fabian, do you by any chance got any information regarding this specific behavior? 

Thanks !