Discovery for Operational Technology

  • Release version: Washingtondc
  • Updated February 7, 2024

    You can run the Discovery for Operational Technology function to discover IT class Operational Technology (OT) devices in designated Purdue levels in your Industrial Control System (ICS) networks. IT class items include switches, routers, and computers that exist both in data centers and in your factories.

    Where standard Discovery processing takes place

    The Discovery for Operational Technology process operates in a manner that is similar to the standard Discovery processes.

    Figure 1. Targeted Purdue levels in standard and Operational Technology Discovery

    Standard Discovery processing in the ServiceNow AI Platform® normally takes place in the following Purdue levels in your enterprise:

    Table 1. Processed Purdue levels

    Purdue Level | Description
    4            | Site business and logistics, such as all Information Technology (IT) functions.
    5            | Enterprise Network, where Enterprise Resource Planning (ERP) functions take place.

    Where and how Discovery for Operational Technology processing takes place

    In contrast, Discovery for Operational Technology processing can take place in the following Purdue levels, depending on which you select when you create an OT discovery schedule:

    Table 2. Processed Purdue levels

    Purdue Level | Description
    3.5          | Demilitarized Zone (DMZ) or Industrial Demilitarized Zone (IDMZ). Similar to a traditional (IT) DMZ, the OT-oriented IDMZ enables you to securely connect networks with different security requirements.
    3            | Site operations where plant or site-wide control and monitoring functions reside.

    You typically run Discovery for Operational Technology in the DMZ (or IDMZ, Purdue Level 3.5) of your ICS networks. This Purdue level is usually where IT-class and OT-class computers and servers exist to be discovered and managed.
    Note:
    To avoid the possibility of disrupting your industrial operations, you should not run Discovery processes against Purdue levels 0 through 2 in your ICS networks.
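
A pre-flight check for the note above, as an added example that is not ServiceNow code and uses no ServiceNow API: it compares the IP ranges planned for an OT discovery schedule against a site segment inventory and reports anything that touches a level other than 3 or 3.5. The `SEGMENTS` inventory, its addresses, and the function names are constructed assumptions.

```python
import ipaddress

# Constructed site inventory (assumption): CIDR -> Purdue level.
SEGMENTS = {
    "10.50.0.0/24": 3.5,   # IDMZ
    "10.30.0.0/22": 3,     # site operations
    "10.20.0.0/22": 2,     # levels 0-2 must never be scanned
    "10.10.0.0/22": 1,
    "10.0.0.0/22": 0,
    "172.16.0.0/16": 4,    # handled by standard Discovery, not an OT schedule
}
ALLOWED_LEVELS = {3, 3.5}  # the levels the page lists for OT discovery


def to_networks(entry):
    """Accept a CIDR, a single IP, or a 'first-last' address range."""
    if "-" in entry:
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if last < first:
            raise ValueError(f"range end precedes start: {entry}")
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(entry.strip(), strict=False)]


def check_schedule(entries, segments=SEGMENTS, allowed=ALLOWED_LEVELS):
    """Return (entry, reason) findings; an empty list means the ranges are in scope."""
    inventory = [(ipaddress.ip_network(c), lvl) for c, lvl in segments.items()]
    findings = []
    for entry in entries:
        try:
            nets = to_networks(entry)
        except ValueError as exc:
            findings.append((entry, f"unparseable: {exc}"))
            continue
        for net in nets:
            hits = [(seg, lvl) for seg, lvl in inventory
                    if seg.version == net.version and seg.overlaps(net)]
            bad = [(seg, lvl) for seg, lvl in hits if lvl not in allowed]
            for seg, lvl in bad:
                findings.append((entry, f"overlaps Purdue level {lvl} segment {seg}"))
            # Fail closed: addresses outside every classified segment have an unknown level.
            if not bad and not any(net.subnet_of(seg) for seg, _ in hits):
                findings.append((entry, "not fully inside a classified segment"))
    return findings


if __name__ == "__main__":
    for finding in check_schedule(["10.50.0.0/24", "10.20.1.0/24", "10.0.0.0/8"]):
        print(finding)
```

Treating unclassified address space as a finding keeps an overly broad range from reaching control-level devices that were never added to the inventory.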
    Figure 2. Discovery for Operational Technology processing

    When you run an OT discovery schedule, it performs the following processing:

    1. Proceeds through the assigned IP addresses and discovers all hardware items that exist at those addresses.
    2. When it completes discovery of a configuration item (CI), it internally triggers a discovery.device.complete event. The logic for this event checks whether an OT entity (cmdb_ot_entity) record exists for the CI in the Configuration Management Database (CMDB).
      • If one exists, and any related attributes have changed for the discovered item, it updates the OT Entities that are related to that CI.
      • If one does not exist, it creates one for it.
    3. In addition to the location attribute, it also pushes the defined attributes from the OT discovery schedule to the CI and to the related OT entity records.
    4. It also creates OT entity records for the applications installed on discovered OT devices. To view the applications that have OT entity records created through OT Discovery, navigate to the Industrial Workspace list view and open the Applications list under Operational Technology (OT).