Instance Security: Scanning with Purpose
A misconfiguration you don't know about is a vulnerability you can't fix.
The good news? There's a way to catch these misconfigurations before they become a problem, and it's already sitting in your instance. Security Scanner is a tool inside ServiceNow Security Center, which comes included on all instances at no extra cost (and almost nothing is free anymore, so seriously, take advantage of it). Security Center comes installed by default starting with the Vancouver release, yet scanning remains one of its most underutilized features. Not because it's hard to use, but because it's easy to deprioritize when nothing has visibly gone wrong. The problem with that approach is that scanning is exactly how you stay ahead of those problems in the first place. Kind of like how you don't wait for your check engine light to come on before getting an oil change. Well, some of us do… but don't be that admin.
Let's see how we can put scanning into practice.
What scanning does
The Security Scanner in ServiceNow Security Center runs your instance against a set of security checks designed to surface misconfigurations: things like access control issues, session settings, and other configurations that point to security problems. The nice part is it doesn't just flag that something is off. It tells you what violated which rule, how many times, AND how to fix it.
Each of these results is called a finding. Findings are tied to the specific record that triggered the issue, assigned a priority level (1 is highest, 4 is lowest), and come with resolution details so you're not left guessing what to do next.
Suites and checks: organizing what you scan for
My favorite part about Scanner is that scans are grouped into collections of checks that run together, called suites. It's my favorite because it's fully customizable to what you and your organization are interested in finding. ServiceNow includes built-in suites like the Auditor suite, which covers a broad set of misconfiguration checks right out of the box. You can also clone an existing suite and customize it for your organization's specific needs.
Suites let you focus your scanning on what's most relevant to you, rather than sifting through noise.
From finding to action
A scan finding by itself isn't the end goal. Fixing it is. From within the scanner, you can create a Security Task directly from a finding record, making it easy to assign ownership and track remediation without ever leaving Security Center.
Also, for findings that aren't actionable at the moment (either low risk, known exceptions, or intentional configurations), you can mute them with a documented reason. This keeps your findings clean and reduces unnecessary noise.
Scanning over time
One of the most useful and underrated features is scan comparison. Once you've run a suite at least twice, you can compare results side by side to see what's improved, what's new, and where things may have slipped.
And that's really the whole point of this post. Scanning with purpose means knowing what you're looking for, tracking it over time, and building a habit of consistent improvement rather than just incident response.
Want to see it in action?
Join us on May 19 at 1 PM ET for Instance Security: Scanning with Purpose. This is a part of our ongoing Instance Security webinar series. We'll walk through using Scanner, talk through how to interpret findings, and share practical tips for making scanning a regular part of your security routine.
Register here for free: https://servicenow.zoom.us/webinar/register/WN_V65h0TQ0TmSN6jBpxoeYWA#/registration
Have questions or want to stay in the loop on future webinars? Reach out to us anytime at InstanceSecurity@servicenow.com — we'd love to hear from you!
Want to dig deeper? Check out the official ServiceNow Security Center Scanner documentation here.
