Examples of Discovery behavior functionalities

  • Release version: Zurich
  • Updated July 31, 2025
  • 5 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Examples of Discovery behavior functionalities

    This content explains how to configure Discovery behaviors in ServiceNow to efficiently scan devices across multiple domains using MID Servers. It demonstrates creating three distinct functionalities within a single Discovery behavior to target different device types and domains, optimizing the scanning process while respecting Windows authentication constraints.

    Show full answer Show less

    Key Functionalities

    • Functionality 1: WMI Scanning on Domain A
      • Configures a Windows MID Server (e.g., sandb01-358) to scan Windows devices in Domain A using the WMI protocol.
      • Requires defining Functionality Criteria for the MID Server and the Windows domain, ensuring scanning is limited to the correct domain due to Windows authentication limits.
      • Uses phase 1 to launch a single Shazzam probe for efficiency.
      • Enables Windows, DNS, and WINS protocols.
    • Functionality 2: SSH and SNMP Scanning on Domain A
      • Configures the same MID Server (sandb01-358) to scan SSH and SNMP devices such as UNIX and network equipment.
      • No functionality criteria are needed for non-WMI protocols.
      • Also assigned to phase 1 to leverage a single Shazzam probe.
      • Excludes Windows (WMI) protocols to avoid duplicate scanning.
    • Functionality 3: WMI Scanning on Domain B
      • Configures a second Windows MID Server (e.g., disco-win2003) to scan Windows devices in Domain B using WMI.
      • Requires its own Functionality Criteria for the MID Server and domain, because Windows MID Servers cannot scan WMI outside their own domain.
      • Uses phase 1 to maintain scanning efficiency with a single Shazzam probe.
      • Enables Windows, DNS, and WINS protocols similar to Functionality 1.

    Important Considerations

    • Windows MID Servers are limited by Windows authentication and can only perform WMI scans within their joined domain.
    • SSH and SNMP scanning can be performed by Windows MID Servers across domains but must be separated from WMI scanning to prevent conflicting criteria.
    • Grouping functionalities in the same phase allows a single Shazzam probe to efficiently handle multiple protocols and device types.
    • Functionality criteria are mandatory for WMI scanning to specify the MID Server and domain, ensuring targeted discovery and avoiding duplicate scans.
    • Non-WMI functionalities do not require criteria and can use default matching.

    Practical Outcomes for ServiceNow Customers

    By applying these principles, customers can set up Discovery behaviors that:

    • Efficiently scan multiple domains and device types without redundant scans.
    • Ensure Windows device discovery respects domain authentication boundaries.
    • Optimize resource usage by consolidating scans into single phases with Shazzam probes.
    • Maintain clear and manageable configurations with distinct functionalities tailored to protocol and domain requirements.

    Following this approach helps maintain accurate and comprehensive discovery data while improving discovery performance and reliability across complex network environments.

    This example of a Discovery behavior requires three functionalities for the behavior.

    We will create three functionalities for this Behavior: one MID Server to scan Domain A for Windows devices only; a second functionality for the same MID Server to scan for all SSH and SNMP devices; and a third functionality that names a second MID Server to scan Domain B for Windows devices. The rationale for this is as follows:
    • A Windows MID Server can only discover Windows machines on the Windows domain to which it is joined. This is entirely due to the way Windows authentication works. For this reason, we need a WMI functionality for each domain.
    • A Windows MID Server, provided with the correct credentials, can discover SSH and SNMP devices anywhere; however, we cannot combine WMI, SSH, and SNMP functionalities across Windows domains. This is because the functionality criteria for the WMI scans locks in the Discovery to one specific domain. For this reason, SSH and SNMP discoveries require a separate functionality.
    • We want to scan each machine only once.

    Functionality 1: WMI Scanning on Domain A

    We configure a MID Server to scan for the WMI protocol on Domain A. WMI scans authenticate on Windows machines using the domain credentials of the Windows MID Server machine. Windows MID Servers cannot scan for the WMI protocol outside their own domains.

    Create the first functionality using the following values:
    Field Input Value
    Phase Type a phase number of 1 in this field. All functionalities in this example use the same phase number, which launches a single Shazzam probe for all the functionalities in that phase. A single phase, when feasible, is the most efficient use of the Shazzam probe.
    Functionality Select Windows, DNS, and WINS from the list. This functionality defines the WMI protocol that will be scanned and resolves the domain. Because we selected to scan for WMI, we must select a Windows MID Server for this functionality.
    MID Servers We select a Windows MID Server from Domain A - in this case sandb01-358.
    Active Make sure this check box is selected to enable this behavior.
    Match criteria Change the criteria to All.

    Create Functionality Criteria

    All Windows functionality requires criteria to identify the domain and the MID Server. In our example, we will create two criteria for this functionality. To create Functionality Criteria, click New in the Related List and enter the following values for the MID Server doing the WMI scanning on Domain A:
    Field Input Value
    Name Create the following criteria:
    • Enter mid_server to name the MID Server that will execute the WMI scans on Domain A.
    • Enter win_domain to name the Windows domain that Discovery will scan with the MID Server defined.
    Operator Select equals as the operator in this criteria.
    Value
    • For the mid_server value, enter the name of the MID Server that will scan Domain A for Windows devices.
    • For the win_domain value, enter the name of Domain A that this MID Server will scan for Windows devices.
    Active Be sure to enable the criteria by selecting this check box (true).

    The completed criteria appear in the Discovery Functionality form for this behavior.

    Functionality 2: SSH and SNMP

    In our network, we want to scan for UNIX computers and netgear, but we don't want to classify these devices twice. One of our MID Servers will be configured to classify SSH and SNMP using a different functionality than it does for WMI scans. We do not need to create criteria for non-WMI functionality.

    Create the second functionality using the following values:
    Field Input Value
    Phase Type a phase number of 1 in this field. All functionalities in this example use the same phase number, which launches a single Shazzam probe for all the functionalities in that phase. A single phase, when feasible, is the most efficient use of the Shazzam probe.
    Functionality Select All except Windows (no WMI) from the list. This functionality will scan SSH and SNMP protocols only.
    MID Servers We select the MID Server from Domain A - in this case sandb01-358.
    Active Make sure this check box is selected to enable this behavior.
    Match criteria Leave the default criteria of Any. Criteria are not used for non-WMI functionalities.

    Functionality 3: WMI Scanning on Domain B

    All that remains is to create a functionality for the WMI scans on Domain B. Because of the Windows authentication mechanism, we must configure a Windows MID Server to scan Domain B that is a member of that domain.

    Create the third functionality using the following values:
    Field Input Value
    Phase Type a phase number of 1 in this field. All functionalities in this example use the same phase number, which launches a single Shazzam probe for all the functionalities in that phase. A single phase, when feasible, is the most efficient use of the Shazzam probe.
    Functionality Select Windows, DNS, and WINS from the list. This functionality defines the WMI protocol that will be scanned and resolves the domain. Because we selected to scan for WMI, we must select a Windows MID Server for this functionality.
    MID Servers We select a Windows MID Server from Domain B - in this case disco-win2003.
    Active Make sure this check box is selected to enable this behavior.
    Match criteria Change the criteria to All.

    Create Functionality Criteria

    All Windows functionality requires criteria to identify the Windows domain and the MID Server. In our example, we will create two criteria for this functionality. To create Functionality Criteria, click New in the Related List and enter the following values for the MID Server doing the WMI scanning on Domain B:
    Field Input Value
    Name Create the following criteria:
    • Enter mid_server to name the MID Server that will execute the WMI scans on Domain B.
    • Enter win_domain to name the Windows domain that Discovery will scan with the MID Server defined.
    Operator Select equals as the operator in this criteria.
    Value
    • For the mid_server value, enter the name of the MID Server that will scan Domain B for Windows devices.
    • For the win_domain value, enter the name of Domain B that this MID Server will scan for Windows devices.
    Active Be sure to enable the criteria by selecting this check box (true).

    The completed criteria appear in the Discovery Functionality form for this behavior.