Agent Client Collector for Visibility - Content default checks and policies

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 5 minutes de lecture

    • Agent Client Collector for Visibility - Content (ACC-VC) provides various checks and policies as well as a business rule.

    Policies

    Remarque :
    ACC-VC policies execute at a frequency of once per day. The total data ingested would be approximately 572KB. This takes into consideration an average of approximately 1500 installed software applications and approximately 500 running processes other than CI data per machine.
    Tableau 1. ACC-VC policies
    Name Description Checks definitions
    Enhanced Discovery Runs on a schedule, by default every 24 hours (86400 seconds). The policy interval can be adjusted, for example to run every 4 hours (set the interval to 14400). The ACC-VC policy configuration is synced to all agents based on the policy filter defined by ACC-VC. Update the following ACC-F system properties, if needed:
    • sn_agent.disco_minimum_threshold_for_rediscovery_minutes: to avoid discovering the system too frequently.
    • sn_agent.disco_disable_ci_clobber_of_agentless_disco: to avoid Discovery conflicts.
    • sn_agent.disco_ci_clobber_of_agentless_disco_threshold_days: to avoid Discovery conflicts.
    		 Enhanced Discovery
    SAM Discovery Responsible for capturing the software installed on any endpoint device, such as Windows desktops or macOS servers. Software installations and usage metrics
    SAM background Enables a background job for processing the Osqueryd logs for SAM on Windows and macOS endpoint devices. SAM background log check
    SAM background (Non OsqueryD) Enables a background job to collect SAM information using osqueryi instead of osqueryd. SAM Background Policy (Non OsqueryD)
    Software installed Responsible for capturing the software installed on all devices except for Windows endpoint devices. The data collected is stored in the [cmdb_sam_sw_install] table. Scheduled to run every 24 hours. installed software
    File-based Discovery background policy Takes the config file as input from the instance to an agent. Scans the system using config file parameters and stores the output in two separate files on the agent.
    • FBDSAMOutput.json: Stores metadata related to the set of file names generated from the samp_file_name table.
    • FBDFileOutput.json: Stores metadata related to files scanned by a wildcard extension.

    Runs on the agent when file-based discovery is invoked. For details, see File-based Discovery.

    		 File-based discovery background
    File-based Discovery policy Collects the output file from the agent's background policy. Sends the collected information to the configuration tables and deletes the file after sending. The output file cannot exceed 2MB.

    Runs weekly on the agent when file-based discovery is activated on the configuration console. For details, see File-based Discovery.

    Remarque :
    • During file-based discovery on a Windows system, the servicenow user does not have the necessary permissions. Therefore, manually grant the List Folder Contents permission to the folder you want to scan.
    • To ensure successful retrieval of the file version, run the agent as the local system account user instead of the servicenow user.
    File-based Discovery - SAM Collects the SAM related output file from the agent, in a Linux, Windows, or macOS environment. Sends the collected software metadata identification information to the instance, and populates the relevant tables (File information, Software installation, and Unidentified file set). Runs daily.

    Runs on the agent when file-based discovery is invoked. For details, see File-based Discovery.

    Remarque :
    • During file-based discovery on a Windows system, the servicenow user does not have the necessary permissions. Therefore, manually grant the List Folder Contents permission to the folder you want to scan.
    • To ensure successful retrieval of the file version, run the agent as the local system account user instead of the servicenow user.
    		 File-based discovery - SAM
    File-based Discovery - File management Collects the file management related output file from the agent, in a Windows environment. Sends the collected file management information to the instance, and populates the File information table only.

    Runs on the agent when file-based discovery is invoked. For details, see File-based Discovery.

    A large number of extension wildcards may decrease system performance. Therefore, you might want to decrease the frequency of which this policy runs by doing the following:
    1. Navigate to All > Agent Client Collector > Policies.
    2. Select File Based Discovery Policy - File Management.
    3. Select the Scheduling tab.
    4. Increase the value of the Interval(sec) field.
    Remarque :
    • During file-based discovery on a Windows system, the servicenow user does not have the necessary permissions. Therefore, manually grant the List Folder Contents permission to the folder you want to scan.
    • To ensure successful retrieval of the file version, run the agent as the local system account user instead of the servicenow user.
    		 File-based discovery - File management
    VISC Get application metric Retrieves the SaaS application metrics from the agents.

    For details on enabling SaaS usage monitoring with ACC-VC, see the SaaS Usage Monitoring with Agent Client Collector [KB2320193] article in the Now Support Knowledge Base.

    		 VISC Get application metric
    VISC Get browser extension device init Initializes the DEX browser extension with the host sysID. VISC Get browser extension device init
    VISC Get browser extension init Initializes the DEX browser extension with logged-in users. VISC Get browser extension init
    Remarque :
    Windows endpoint devices include devices that have a Windows operating system and belong to CI class: computer.

    See System properties for more details. For more details on policies, see Checks and policies.

    Check type

    ACC-VC has the following check types: Enhanced Discovery, SAM Advanced Discovery, and Installed Software.
    Enhanced Discovery
    This check type is responsible for invoking the EnhancedDiscoveryHandler script include that processes the payload produced by endpoint_discovery.rb as executed by ACC.

    Used by File-base Discovery.

    SAM Advanced Discovery
    This check type is for the SAM Discovery policy that invokes the EnhancedDiscoveryHandler script include for processing the SAM data produced by the sam_advanced.rb file.
    Installed Software
    This check type for the Software installed policy that invokes the EnhancedDiscoveryHandler script include for processing the installed software data produced by the installed_software.rb file.

    Check definitions

    Tableau 2. ACC-VC check definitions
    Name Description
    Enhanced Discovery Synced to all agents based on the policy filter defined by ACC-VC. The Check definition is configured to run with certain assets and determines what gets synced between the agent and the MID Server. For more details on policies, see Checks and policies.
    Remarque :
    For the agent to retrieve the OS serial numbers and TCP connections along with associated running processes, sudo access for “dmidecode” and “ss” is required on Linux systems. For example, this content could be added to /etc/sudoers or to an individual file in /etc/sudoers.d/: 
    Cmnd_Alias AGENT_ACC_V = /usr/sbin/dmidecode -s baseboard-serial-number,/usr/sbin/dmidecode -s chassis-serial-number,/usr/sbin/dmidecode -s system-serial-number,/usr/sbin/dmidecode -s system-uuid,/usr/sbin/ss -tanp
servicenow ALL=(root) NOPASSWD:AGENT_ACC_V
    SAM background log check Runs every 8 minutes and performs inline aggregation of data generated from Osqueryd logs. After collecting the data, it writes all the intermediate data results into a temporary marker file which is reused in the next run. This reuse limits the number of log files and disk space needed on target systems.
    Remarque :
    You may notice a spike in system resource consumption, as the background aggregation check runs every interval.
    Software installations and usage metrics Collects data every 24 hours.
    Installed software Fetches installed software data for all devices other than Windows and macOS endpoint devices.
    File-based discovery background Runs a file scanning background job on the agent.
    File-based discovery Fetches the file data from the agent.

    Business rule

    The Enhanced Discovery – On CI Delete business rule triggers the Endpoint Discovery Check when the CI associated with a given CI is deleted from sn_agent_cmdb_ci_agent.