Scan Coverage - VR

Go to solution
Derek W_
Tera Contributor

‎06-27-2022 11:42 AM

Is there an easier way to see which CI's have not been assessed by our third party scanner? Scan coverage is great in theory, but it does nothing to help you identify the actual CI's that have not been scanned. Looking to identify the CI's that make up the difference between Scanned Ci's and Total Ci's.

Labels:
0 Helpfuls
  • 1,104 Views
1 ACCEPTED SOLUTION

Go to solution
Fatih Karacaer
ServiceNow Employee
ServiceNow Employee

‎06-28-2022 12:14 AM

Hi Derek,

Scan coverage uses some GlideAggregate structures when calculating the scan coverage.

    1. It calculates the total number of records in cmdb classes based on the class definitions on "Scan Coverage Config" module.

   2. Then does a calculation / aggregation for the records in the discovered items table. 

   3. And finally calculates the percentages.

It all happens in the script include ScannableAssetsConfigUtil. The functions _getScannedCountFromDiscItem and  _getTotalCount calculates the values mentioned above.

When you look at these functions they use GlideAggregate statements which is used to calculate the total number of records instead of the records itself.

find_real_file.pngThere are 3 options.

1.  Create a copy of this script include ScannableAssetsConfigUtil yourself and update the functions I mentioned above and use GlideQuery instead of GlideAggregate and execute them. You will have the records.

2. Get inspiration from the functions above and create your own script and execute them in the Background scripts.

3. Create a database view which applies the logic above as:

   - Query cmdb classes defined in the Scan Coverage config

   - Query Discovered Items table

   - Apply a left join and query where the Discovered Item record is Null.

 

Please mark it as helpful if it is!

Kind regards,
Fatih.

View solution in original post

Preview file
85 KB
1 REPLY 1

Go to solution
Fatih Karacaer
ServiceNow Employee
ServiceNow Employee

‎06-28-2022 12:14 AM

Hi Derek,

Scan coverage uses some GlideAggregate structures when calculating the scan coverage.

    1. It calculates the total number of records in cmdb classes based on the class definitions on "Scan Coverage Config" module.

   2. Then does a calculation / aggregation for the records in the discovered items table. 

   3. And finally calculates the percentages.

It all happens in the script include ScannableAssetsConfigUtil. The functions _getScannedCountFromDiscItem and  _getTotalCount calculates the values mentioned above.

When you look at these functions they use GlideAggregate statements which is used to calculate the total number of records instead of the records itself.

find_real_file.pngThere are 3 options.

1.  Create a copy of this script include ScannableAssetsConfigUtil yourself and update the functions I mentioned above and use GlideQuery instead of GlideAggregate and execute them. You will have the records.

2. Get inspiration from the functions above and create your own script and execute them in the Background scripts.

3. Create a database view which applies the logic above as:

   - Query cmdb classes defined in the Scan Coverage config

   - Query Discovered Items table

   - Apply a left join and query where the Discovered Item record is Null.

 

Please mark it as helpful if it is!

Kind regards,
Fatih.

Preview file
85 KB