Network Intrusion Detection System (NIDS) CI extension class

  • Release version: Australia
  • Updated March 12, 2026

    The Network Intrusion Detection System (NIDS) [cmdb_ci_nids] class builds the relationships between passive network monitoring appliances and the devices on the network that they discover. A NIDS Manager manages the NIDS sensors that detect the devices and builds "detects::detected by" relationships between the NIDS records (parent) and the CIs they discover (child).

    This topic lists the relevant classes that the CMDB CI Class Models app adds or updates. See the class columns table for further details about the columns added for each class.

    CMDB CI Class Models is a ServiceNow Store app that adds class models that extend the CMDB class hierarchy. The new or updated classes include class descriptions, identification rules, identifier entries, and, if applicable, dependent relationships. You can use the added classes just like any other CMDB class. Applications such as Discovery and Service Mapping Patterns can use the class extensions to populate CIs and discover technologies and software.

    See the release notes for all CMDB CI class models.

    Request apps on the Store

    Visit the ServiceNow Store to view all the available apps, and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Network Intrusion Detection System (NIDS) schema structure

    Figure: NIDS schema structure.

    Classes

    This section lists the classes that the CMDB CI Class Models app adds or updates. See the class columns table for further details about the columns added for each class.

    CMDB CI Class Models: Release 1.30 adds the following classes for the Network Intrusion Detection System (NIDS). For the list of classes in the base system, including classes that this app might extend, see CMDB tables descriptions.
    | Class | Extends | Description |
    |---|---|---|
    | Network Intrusion Detection System (NIDS) (cmdb_ci_nids) | cmdb_ci_ids_network | NIDS is an intrusion detection system within the network that examines the traffic from all devices on the network. NIDS scanners build relationships between the OT network scanning appliances and the OT devices on the network. An NIDS Manager manages the NIDS sensors. |

    Class columns

    CMDB CI Class Models: Release 1.30 adds the following columns to the Network Intrusion Detection System (NIDS) [cmdb_ci_nids] class.

    Table 1. Network Intrusion Detection System (NIDS) [cmdb_ci_nids] class
    | Column label | Column name | Description |
    |---|---|---|
    | NIDS source ID | Correlation_id | Identifier of the NIDS device. Uses the assigned Correlation ID for the NIDS as its nids_source_id. |
    | NIDS source name | nids_source_name | Name of the NIDS device. |
    | Network type assignment | network_type_assignment | Designates if the device is on an IT or OT network. |
    | NIDS assignment site | isa_entity_site | ISA site assigned to the NIDS. This information is available when the logged in user has an assigned ISA admin role. |

    Roles and Access Control Logic (ACLs)

    The NIDS admin (cmdb_nids_admin) role is associated with the Network Intrusion Detection System (NIDS) [cmdb_ci_nids] class. Users with this role can create, read, update, and delete Network IDS (NIDS) OT records. To view the Network IDS Application selection on the application menu, you must have this role.

    Key relationship structure

    For each CMDB CI record with a “Detected by” relationship with an NIDS record, a ServiceNow Operational Technology Certified Service Graph Connector does the following:

    1. Assigns the following NIDS-related metadata values to the CI:
      1. Location
      2. Company
      3. Related users (Owned by, Managed by, Supported by, Assigned to)
      4. Related user groups (Approval group, Managed by Group, Support group, Change group)
    2. If the NIDS network type is set to OT, it assigns the following NIDS-related metadata values to the CI:
      1. Creates an OT device (cmdb_ot_entity) record for the CI, using the cmdb_ot_entity reference on the CI.
      2. Assigns the NIDS assignment zone to the OT device record.
      3. If the Industrial Process Manager is installed, assigns the NIDS assignment site to the OT device record.
    3. Life Cycle Stage and Life Cycle Stage Status values for the CI are used to capture the learning mode of a sensor.
      • If Life Cycle Stage is Operational and Life Cycle Stage Status is Learning Mode, then validation is unsuccessful.
      • If Life Cycle Stage Status is In Use, validation is successful.
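
The rules in the list above can be turned into an audit over exported CMDB records that flags detected CIs whose state does not match what the connector is described as producing. This is an added example, not ServiceNow code: the records are constructed, and the field names `sys_id`, `name`, `location`, `company`, `life_cycle_stage` and `life_cycle_stage_status`, and the plain-object record shape, are assumptions.

```javascript
// Added example: constructed records. Field names that are not in the class
// columns table (sys_id, name, location, company, life_cycle_*) are assumptions.
const REL_TYPE = 'detects::detected by';
const INHERITED = ['location', 'company']; // subset of the metadata in step 1
const nidsRecords = [
  { sys_id: 'nids-1', nids_source_name: 'sensor-plant-a', network_type_assignment: 'OT', location: 'Plant A', company: 'Acme' },
  { sys_id: 'nids-2', nids_source_name: 'sensor-hq', network_type_assignment: 'IT', location: 'HQ', company: 'Acme' },
];
const cis = [
  { sys_id: 'ci-1', name: 'plc-01', location: 'Plant A', company: 'Acme', cmdb_ot_entity: 'ot-1',
    life_cycle_stage: 'Operational', life_cycle_stage_status: 'In Use' },
  { sys_id: 'ci-2', name: 'hmi-07', location: 'Plant B', company: 'Acme', cmdb_ot_entity: '',
    life_cycle_stage: 'Operational', life_cycle_stage_status: 'Learning Mode' },
  { sys_id: 'ci-3', name: 'laptop-22', location: 'HQ', company: 'Acme', cmdb_ot_entity: '',
    life_cycle_stage: 'Operational', life_cycle_stage_status: 'In Use' },
];
const rels = [ // parent = NIDS record, child = detected CI
  { parent: 'nids-1', child: 'ci-1', type: 'Detects::Detected by' },
  { parent: 'nids-1', child: 'ci-2', type: 'Detects::Detected by' },
  { parent: 'nids-2', child: 'ci-3', type: 'Detects::Detected by' },
];

// Step 3 of the list above; combinations the page does not cover stay open.
function validateLifecycle(ci) {
  const { life_cycle_stage: stage, life_cycle_stage_status: status } = ci;
  if (status === 'In Use') return 'successful';
  if (stage === 'Operational' && status === 'Learning Mode') return 'unsuccessful';
  return 'undetermined';
}

function auditDetectedCis(nidsList, ciList, relList) {
  const nidsById = new Map(nidsList.map((n) => [n.sys_id, n]));
  const ciById = new Map(ciList.map((c) => [c.sys_id, c]));
  const findings = [];
  for (const rel of relList) {
    const nids = nidsById.get(rel.parent);
    const ci = ciById.get(rel.child);
    if (!nids || !ci || rel.type.toLowerCase() !== REL_TYPE) continue;
    for (const f of INHERITED)
      if (ci[f] !== nids[f]) findings.push(`${ci.name}: ${f} differs from ${nids.nids_source_name}`);
    if (nids.network_type_assignment === 'OT' && !ci.cmdb_ot_entity)
      findings.push(`${ci.name}: OT network but no cmdb_ot_entity reference`);
    const result = validateLifecycle(ci);
    if (result !== 'successful') findings.push(`${ci.name}: lifecycle validation ${result}`);
  }
  return findings;
}
console.log(auditDetectedCis(nidsRecords, cis, rels).join('\n'));
```

On the constructed data only hmi-07 is reported: its location has drifted from its sensor, it sits on an OT network without an OT device record, and its sensor is still in Learning Mode.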