ServiceNow Agent Client Collector for MSSQL Discovery

rahulyamgar · ‎03-17-2023

Hello team,

We just started with using the ACC agents for the ServiceNow Discovery. Its bringing all the good stuff related to OS details and running processes, software installations. What we are looking for is Database Instances.

Can we have the database instances discovered and relationships created using ACC? We dont have a choice of using Horizontal discovery for this.

Please suggest. @ashutoshmunot ITOM Success Packs

Thanks,
Rahuil

CharlesGriff · ‎05-30-2024

This is working as of the vancouver release we are currently doing testing with the ACC for visibilty and it can discover all the windows database information on the servers by executing the patterns locally.

vhiinnz · ‎08-02-2024

saw this doc as mentioned above that we can have patterns execute locally

https://docs.servicenow.com/bundle/washingtondc-it-operations-management/page/product/agent-client-c...

Nilanjan1 · ‎11-21-2024

Hello All,

Did anyone get a response ?

Regards,

Nilanjan

VijayK885887282 · ‎03-11-2025

All, @rahulyamgar
Hope you have been able to refer to this documentation page.

https://www.servicenow.com/docs/bundle/washingtondc-it-operations-management/page/product/discovery/...

We have recently performed this on our infrastructure and able to discover the SQL Instances (and also Databases).
It's primarily using ACC (and elements of horizontal discovery via MID Server).

Few Important Points:
1. Make sure to follow all the steps described in the documentation
2. Also, ensure to update the pattern allow list in the agent's config folder to the one mentioned in https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1585764

We too struggled a bit and also reached out to NOW Support for some further clarifications and troubleshooting.
Please let the community know how it goes and will be happy to provide any additional info that could help.

VijayK885887282 · 2 hours ago

I have made a key summary of accumulating several challenges in maintaining the complexity involved with ACC + MSSQL Discovery and recent conversations with ServiceNow Support and ITOM teams. Given below with highlights:

ACC patterns allow‑lists are instance‑specific and time‑dependent because they are generated dynamically from live pattern content, runtime‑dependent variables, and iterative execution feedback rather than from static ServiceNow documentation.

ACC allow‑lists are designed to be regenerated iteratively, but deployment overhead exists when customers choose host‑local allow‑list files instead of ServiceNow‑managed ACC policy distribution.

Scenario	Policy‑managed allow‑list	Host‑local allow‑list
ACC‑Visibility (OS, SW, processes)	✅ Yes	❌ Not required
ACC Monitoring checks	✅ Yes	❌ Not required
MSSQL DB Discovery via patterns	❌ No	✅ Required
Push‑based Discovery via ACC	❌ No	✅ Required

Category	ACC Policy Allow‑list	Host‑local Allow‑list
OS inventory	✅ Works	❌ Not needed
MSSQL binaries	❌ Not supported	✅ Required
Registry SQL paths	❌ Not supported	✅ Required
sqlcmd execution	❌ Not supported	✅ Required
Pattern variables	❌ Not supported	✅ Required

MSSQL database discovery via Agent Client Collector requires execution of environment‑specific commands whose arguments and paths are only resolvable at runtime. Because these commands exceed the bounded and pre‑validated execution model of ACC policy‑managed checks, ServiceNow intentionally requires host‑local allow‑lists to enforce explicit, auditable approval. This design prevents over‑permissive command execution, supports least‑privilege principles, and ensures security teams retain direct control over high‑risk database discovery operations.