Credential-less Application Discovery attempts to identify an application service
actively listening on a specific port at a given IP address.
The application discovery pattern
Service Mapping launches the Credentialless Discovery Application pattern when all
credential-based port classification steps fail. The pattern executes an Nmap command on a
Windows MID Server with Nmap installed, that is configured to perform application/version
detection against a specific remote host IP address and port. If the port being scanned by
Nmap is open, the pattern executes the
CredentialLessApplicationClassNameMapper MID Server script include,
which maps the service product, service name, and any extra information supplied by Nmap to
a supported ServiceNow application table. If the script can map the returned product to an
appropriate table derived from the base Application [cmdb_ci_appl] table, the script passes
this information to the pattern. The pattern passes the match to the Discovery identifier
for eventual CI creation or reconciliation. If the information returned by Nmap does not
match any derived table, then the instance uses the base Application [cmdb_ci_appl] table to
create the CI.
Important :
To allow the Credentialless Discovery Application
pattern to launch, ensure that the
mid.discovery.credentialless.enable system property is set to
true. To disable, ensure this property is set to
false.
Example scan
This information was returned by an Nmap Application/Version Detection port scan on a Linux
test system and illustrates the type of application data Nmap scans can return.
Information
Port
Port state
open
Service name
ssh
Service product
OpenSSH
Extra service information
Protocol 2.0
Default application mappings
The CredentialLessApplicationClassNameMapper MID Server script include
is configured with a subset of the most common application tables available for Discovery
and Service Mapping. A user with the agent_admin role can edit this script include to add
additional CI tables that credential-less application Discovery can use for mapping to a
derived application CI class.
Shown in this table are examples of close matches returned by Nmap on a test system that
CMDB Identification and
Reconciliation was able to resolve into defined products. In many cases, the
service name returned by Nmap was not needed to determine a match. Service names that appear
in the table were required to determine a match.
Products returned by Nmap that cannot be resolved into defined Discovery products use the
following naming format:
<serviceProduct>:<serviceExtrainfo>:<serviceName>.
If any value in this string is null, it is dropped from the name.
serviceProduct: Service product information returned by
Nmap.
serviceExtrainfo: Any additional information that Nmap returns
about the application that might help identify it, such as protocol information.
serviceName: The installed name of the service or daemon of the
product.
Tableau 1. Examples of close matches that were resolved
Nmap response
Script response - Identifier
input
Service product
Service name
Service extra information
Discovered product
CI application table
Apache Tomcat/Coyote JSP engine 1.1
N/A
NULL
Tomcat
cmdb_ci_app_server_tomcat
Apache httpd 2.2.10 ((Linux/SUSE))
N/A
NULL
Apache Web Server
cmdb_ci_apache_web_server
IBM HTTP Server
N/A
Derived from Apache
Apache Web Server
cmdb_ci_apache_web_server
IBM DB2 Database Server (QDB2/LINUX)
N/A
NULL
DB2 Instance
cmdb_ci_db_db2_instance
Microsoft Exchange smtpd
smtp
NULL
Exchange Client Access Server
cmdb_ci_exchange_cas
Microsoft Exchange 2010 log copier
msexchange-logcopier
NULL
Exchange Mailbox
cmdb_ci_exchange_mailbox_server
JBoss service httpd
N/A
NULL
JBoss
cmdb_ci_app_server_jboss
Microsoft IIS httpd 6.0
N/A
NULL
Microsoft iis Web Server
cmdb_ci_microsoft_iis_web_server
Microsoft SQL Server 2005 9.00.4035; SP3
N/A
NULL
Microsoft SQL Server
cmdb_ci_db_mssql_instance
MongoDB 2.5.1
N/A
NULL
MongoDB Instance
cmdb_ci_db_mongodb_instance
MySQL 5.5.51
N/A
NULL
MySQL Instance
cmdb_ci_db_mysql_instance
nginx 1.4.6 (Ubuntu)
N/A
NULL
Nginx Web Server
cmdb_ci_nginx_web_server
PostgreSQL DB
N/A
NULL
PostgreSQL Instance
cmdb_ci_db_postgresql_instance
Oracle WebLogic Server
N/A
NULL
Weblogic
cmdb_ci_app_server_weblogic
IBM WebSphere MQ 6.0
N/A
NULL
IBM WebSphere MQ
cmdb_ci_appl_ibm_wmq
IBM WebSphere Application Server 6.1
N/A
NULL
IBM Websphere
cmdb_ci_app_server_websphere
OpenSSH : ssh
N/A
NULL
OpenSSH
cmdb_ci_appl
Oracle Instance
N/A
NULL
Oracle Database
cmdb_ci_db_ora_instance
Oracle Instance
N/A
NULL
Oracle TNS Listener
cmdb_ci_db_ora_instance
product-A
service-B
NULL
product-A:service-B
cmdb_ci_appl
product-A
service-B
extrainfo-C
product-A:extrainfo-C:service-B
cmdb_ci_appl
Examples of applications not uniquely matched
In this example, the information returned by Nmap does not match any derived table, and the
instance must use the base Application [cmdb_ci_appl] table to create the CI.
Scanned application
Nmap response
Script response - identifier
input
Service product
Service name
Service extra information
Discovered product
CI application table
ExchangeHub
Microsoft Windows RPC
msrpc
null
Microsoft Windows RPC:msrpc
cmdb_ci_appl
HAProxy Load Balancer
IBM HTTP Server (Derived from Apache)
http
null
IBM HTTP Server (Derived from Apache):http
cmdb_ci_appl
SharePoint
Oracle Database
http
null
Oracle Database:http
cmdb_ci_appl
SharePoint
Oracle Instance
N/A
null
Oracle Database
cmdb_ci_appl
Application identification
The Discovery - IP Based [com.snc.discovery.ip_based] plugin adds an identifier to the
Application Rule for the Application [cmdb_ci_appl] table that matches on sys_class_name and
cl_port for Nmap scans.Figure 1. Nmap identifier for the Application Rule
