Vulnerability Response - How are Discovery Items created?
04-22-2025 10:39 AM
We are using OOB VR integrated with Microsoft Threat & Vulnerability Management. It created a bunch of Discovered Items, some of which are Unmatched. We were wondering how the Matching type of the DI was populated as "Created by IRE". Also, are there any technical documents or references on how exactly the scanner pulls the data and imports it into the Discovered Item table? Any references to the scripts that do this?
04-23-2025 06:55 AM
To prevent CIs from matching through IRE, turn it off through the system property sn_sec_cmn.ci_creation_through_IRE.
04-23-2025 08:59 AM
Hello,
Here is a brief overview of how the discovery process works. Discovered Items are created by integration with vulnerability scanners like Tenable, Qualys, Rapid7, etc. Discovery provides visibility into how asset identification is mapped to CIs in the CMDB.
- Vulnerability scanning
  - Third-party vulnerability scanners use protocols like WMI, SSH, and SNMP to scan IP ranges in your environment.
  - The scanner sends ServiceNow all the hosts that have a vulnerability.
- Maps and transforms data
  - Transformation maps convert the raw data into the structured data found in the Discovered Item table. Key attributes like asset identifiers and scan source are populated based on business rules.
- Integration run
  - When the integration runs, it first consults the Source ID field on the Discovered Items module for a match. This Source ID field is a unique value typically supplied by the VR scanner. If the integration run gets a match on the Source ID field, it then uses that record's Configuration Item for the host/device.
- Matching of vulnerability to a CI (CI lookup rules)
  - The host information from the discovered item source data is used as part of the CI lookup rules. If the CI lookup rules can match a host in the discovered item source data to a CI in the CMDB, the discovered item state is "Matched".
- Unmatched CIs (created by IRE)
  - If there is no match, then the state is "Unmatched" and the CI class is "Unclassed Hardware". If the IP address is the only available information that the CI lookup rules can use (no FQDN, DNS, NetBIOS), then the state is "Unmatched" and the class is "Incomplete IP Identified Device".

There isn't a single script that creates Discovered Items. It is a product embedded in the data ingestion pipeline for VR. You can look at business rules: search for 'sec_cmn_src_ci' in the business rules table (sys_script.list) and that should provide some more information.
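The matching flow described in this answer, modelled as an added plain-JavaScript example (not ServiceNow platform code and not the poster's own): the in-memory CMDB records, Discovered Items, lookup-rule order and the IRE flag are constructed assumptions; the only platform names it reuses are the states, classes and the sn_sec_cmn.ci_creation_through_IRE property named above.

```javascript
// Constructed in-memory stand-ins for the CMDB and the Discovered Item table.
const cmdb = [
  { sys_id: "ci-001", name: "web01", fqdn: "web01.corp.example", ip: "10.0.0.5", ci_class: "cmdb_ci_linux_server" },
  { sys_id: "ci-002", name: "db01", netbios: "DB01", ip: "10.0.0.9", ci_class: "cmdb_ci_win_server" },
];
// Discovered Items already created by earlier runs, keyed by scanner-supplied Source ID.
const discoveredItems = { "qualys-77": { source_id: "qualys-77", ci: "ci-002" } };
// Mirrors the sn_sec_cmn.ci_creation_through_IRE system property (true = IRE may create CIs).
let ciCreationThroughIRE = true;

// CI lookup rules in an assumed priority order: FQDN, then DNS name, then NetBIOS, then IP.
const lookupRules = [
  (h, ci) => h.fqdn && ci.fqdn && h.fqdn.toLowerCase() === ci.fqdn.toLowerCase(),
  (h, ci) => h.dns && ci.name && h.dns.toLowerCase() === ci.name.toLowerCase(),
  (h, ci) => h.netbios && ci.netbios && h.netbios.toLowerCase() === ci.netbios.toLowerCase(),
  (h, ci) => h.ip && ci.ip && h.ip === ci.ip,
];

// True when the IP is the only identifier the lookup rules could use (no FQDN, DNS, NetBIOS).
function hasOnlyIp(host) {
  return Boolean(host.ip) && !host.fqdn && !host.dns && !host.netbios;
}

// Processes one scanner host record and returns the resulting Discovered Item.
function processHost(host) {
  // 1. A Source ID hit reuses the CI already tied to that Discovered Item.
  const prior = discoveredItems[host.source_id];
  if (prior) return { source_id: host.source_id, state: "Matched", ci: prior.ci, via: "source_id" };
  // 2. Otherwise run the CI lookup rules against the CMDB.
  for (const rule of lookupRules) {
    const ci = cmdb.find((c) => rule(host, c));
    if (ci) {
      discoveredItems[host.source_id] = { source_id: host.source_id, ci: ci.sys_id };
      return { source_id: host.source_id, state: "Matched", ci: ci.sys_id, via: "lookup_rule" };
    }
  }
  // 3. No match: state is Unmatched; the class depends on which identifiers were available.
  const ciClass = hasOnlyIp(host) ? "Incomplete IP Identified Device" : "Unclassed Hardware";
  let ci = null;
  if (ciCreationThroughIRE) {
    // With the property on, IRE creates a placeholder CI of that class (constructed sys_id).
    ci = `ire-${host.source_id}`;
    cmdb.push({ sys_id: ci, ip: host.ip, fqdn: host.fqdn, ci_class: ciClass, created_by_ire: true });
  }
  return { source_id: host.source_id, state: "Unmatched", ci, ci_class: ciClass, created_by_ire: ci !== null };
}
```

Flip `ciCreationThroughIRE` to false to see the same unmatched host yield no IRE-created CI, which is the effect of the system property mentioned in the earlier reply.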