IT Discovery for Operational Technology (OT) Networks
Summary of IT Discovery for Operational Technology (OT) Networks
The IT Discovery for Operational Technology (OT) Networks function enables ServiceNow customers to discover IT-class OT devices within designated Purdue levels of their Industrial Control System (ICS) networks. These devices include switches, routers, and computers located in both data centers and factory environments.
This discovery process is tailored to operate in specific Purdue levels relevant to OT environments, differing from standard IT discovery, which focuses on higher Purdue levels associated with enterprise and site business functions.
Key Features
- Targeted Purdue Levels: Unlike standard discovery that runs at Purdue levels 4 (site business and IT functions) and 5 (enterprise network), IT Discovery for OT Networks operates primarily at Purdue levels 3.5 (Demilitarized Zone or Industrial Demilitarized Zone) and 3 (site operations). This focus allows safe discovery of IT-class devices that coexist with OT systems without impacting critical industrial operations.
- Safe Operational Boundaries: The process excludes Purdue levels 0 through 2 to prevent disruption of core industrial control functions.
- Discovery Processing: Upon running an OT discovery schedule, the system scans assigned IP addresses to identify hardware devices. For each discovered configuration item (CI), it triggers an internal event to:
- Check for existing OT entity records (cmdb_ot_entity) in the CMDB.
- Update related OT entities if attributes have changed, or create new OT entity records if none exist.
- Push defined attributes from the OT discovery schedule to both the CI and related OT entity records.
- Create OT entity records for applications installed on discovered OT devices, accessible in the Industrial Workspace under the Operational Technology (OT) Applications list.
Practical Benefits
- Comprehensive Visibility: Enables visibility into IT-class devices within OT environments, supporting unified asset management and operational insights across IT and OT boundaries.
- Risk Mitigation: Limits discovery to safe network zones (Purdue levels 3 and 3.5), helping avoid operational disruption in critical control areas.
- Enhanced CMDB Accuracy: Automatically maintains OT entity records in the CMDB, enriching configuration data with OT-specific details and installed applications.
Usage Recommendations
ServiceNow customers should schedule IT Discovery for OT Networks predominantly in the IDMZ (Purdue level 3.5), where IT and OT devices coexist and can be safely managed. Avoid running discovery in Purdue levels 0 through 2 to maintain industrial process stability.
You can use the IT Discovery for Operational Technology (OT) Networks function to discover IT class OT devices. These devices are located in designated Purdue levels within your Industrial Control System (ICS) networks. IT class items include switches, routers, and computers that exist both in data centers and in your factories.
Where standard Discovery processing takes place
The IT Discovery for OT Networks process operates in a manner that is similar to the standard Discovery processes.
Standard Discovery processing in the ServiceNow AI Platform® normally takes place in the following Purdue levels in your enterprise:
| Purdue Level | Description |
|---|---|
| 4 | Site business and logistics, such as all Information Technology (IT) functions. |
| 5 | Enterprise Network, where Enterprise Resource Planning (ERP) functions take place. |
Where and how IT Discovery for OT Networks processing takes place
| Purdue Level | Description |
|---|---|
| 3.5 | Demilitarized Zone (DMZ) or Industrial Demilitarized Zone (IDMZ). Similar to a traditional (IT) DMZ, the OT-oriented IDMZ enables you to securely connect networks with different security requirements. |
| 3 | Site operations where plant or site-wide control and monitoring functions reside. |
When you run an OT discovery schedule, it performs the following processing:
- Proceeds through the assigned IP addresses and discovers all hardware items that exist in those ranges.
- When it completes discovery of a configuration item (CI), it internally triggers a discovery.device.complete event. The event logic checks whether an OT entity (cmdb_ot_entity) record exists for that CI in the Configuration Management Database (CMDB):
  - If one exists and any related attributes have changed for the discovered item, it updates the OT entities that are related to that CI.
  - If one does not exist, it creates one for the CI.
- In addition to the location attribute, it also pushes the attributes defined in the OT discovery schedule to the CI and to the related OT entity records.
- It also creates OT entity records for the applications installed on discovered OT devices. To view the applications that have OT entity records created through IT Discovery for OT Networks, navigate to the Industrial Workspace list view and open the Applications list under Operational Technology (OT).
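The following is an added example, not ServiceNow's own code, that models the processing steps above (Purdue-level check, discovery.device.complete handling, OT entity upsert, attribute push, application entities) against an in-memory stand-in for the CMDB. Everything except the table name cmdb_ot_entity (field names, the schedule shape, the sample devices) is an assumption constructed for the example.

```javascript
// Added example: models IT Discovery for OT Networks processing with a
// constructed in-memory CMDB. Field names other than cmdb_ot_entity are assumed.
const cmdb = { cmdb_ot_entity: [] };
let nextId = 1;

// Constructed OT discovery schedule: its attributes get pushed to each CI.
const otSchedule = { purdue_level: '3.5', location: 'Plant A IDMZ' };

// The page states this discovery runs at Purdue levels 3.5 (IDMZ) and 3 only.
function isSupportedOtLevel(level) {
  return level === '3' || level === '3.5';
}

function findOtEntity(ciId) {
  return cmdb.cmdb_ot_entity.find(e => e.ci === ciId) || null;
}

// Handler for one discovered CI: update the related OT entity when attributes
// changed, create it when missing, push schedule attributes to CI and entity,
// and create one application-type OT entity per installed application.
function onDeviceComplete(ci, schedule) {
  if (!isSupportedOtLevel(schedule.purdue_level)) {
    throw new Error(`unsupported Purdue level ${schedule.purdue_level}`);
  }
  const pushed = { location: schedule.location, purdue_level: schedule.purdue_level };
  Object.assign(ci, pushed);                 // attributes pushed to the CI itself
  let entity = findOtEntity(ci.sys_id);
  let action;
  if (entity) {
    const changed = entity.name !== ci.name ||
      Object.keys(pushed).some(k => entity[k] !== pushed[k]);
    if (changed) { Object.assign(entity, pushed, { name: ci.name }); action = 'updated'; }
    else action = 'unchanged';
  } else {
    entity = { sys_id: `ote${nextId++}`, ci: ci.sys_id, name: ci.name, type: 'device', ...pushed };
    cmdb.cmdb_ot_entity.push(entity);
    action = 'created';
  }
  for (const app of ci.installed_apps || []) {
    const exists = cmdb.cmdb_ot_entity.some(e =>
      e.type === 'application' && e.parent === entity.sys_id && e.name === app);
    if (!exists) {
      cmdb.cmdb_ot_entity.push({ sys_id: `ote${nextId++}`, type: 'application',
        parent: entity.sys_id, name: app, ...pushed });
    }
  }
  return action;
}
```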