Exploring Instance Scan

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Exploring Instance Scan

    Instance Scan is a tool designed to detect anomalies and opportunities within your ServiceNow instance through various checks. It allows you to create checks, execute scans, and analyze results for security, upgrade best practices, manageability, user experience, and performance vulnerabilities. Note that Instance Scan does not fully support domain separation.

    Show full answer Show less

    Key Features

    • Checks: Focused rules that identify issues or opportunities in the instance, applicable to tables, records, or metadata.
    • Results: Reports the status and type of each scan conducted.
    • Findings: References records that have violated rules from checks.
    • Dashboard: Provides a visual representation of the instance's health, helping manage and analyze scan results.
    • Quota Rule: Sets execution thresholds for scans to prevent excessive runtime, ensuring efficient operation.
    • Scan Types: Includes Full Scans for the entire instance, Point Scans for specific records or applications, and Test Scans for verifying individual checks.
    • Roles: The scanuser role enables execution of different scans and access to findings and results.

    Key Outcomes

    By utilizing Instance Scan, you can enhance the security and performance of your ServiceNow instance, effectively manage potential vulnerabilities, and ensure adherence to best practices. The tool provides comprehensive insights that allow for informed decision-making and proactive management of your instance's health.

    If you are new to Instance Scan, read this overview to learn what the tool can do. Follow the tutorial to create checks and execute scans that uses most basics of Instance Scan features.

    Note:
    Instance Scan doesn't fully support domain separation. Findings are visibly domain separated based on the domain of the source record. For more information see Domain separation.

    Instance Scan record and components

    Checks
    Checks are singular focused rules that detect anomalies or opportunities in an instance. These checks can run against tables, records, or metadata. Checks are defined to identify security, upgrade best practices, manageability, user experience and performance vulnerabilities. See Getting started with checks for more information.
    Results
    An Instance Scan result reports the status and type of the scan. See Results for more information.
    Findings
    A finding is a reference to a record that has violated a rule from a check on the instance. See Findings for more information.
    Dashboard
    The Instance Scan dashboard is a system-wide visual representation of the health of your instance. The dashboard helps you manage and analyze the full scan results against your instance. See Instance Scan dashboard for more information.
    Quota rule
    A quota rule determines the execution threshold of a scan. The quota rule prevents the instance from running long scans. For example, any scan running longer than the threshold set by the quota rule will result in a failure. See Quota rules for more information.

    Scan types

    Instance Scan deals with the following types of scans.

    Full scan
    Execute a scan for the entire instance by selecting Execute Full Scan. Implementing a full scan runs all the active checks present in your instance.
    Point scan
    Execute all applicable checks against a single record, update set, or an application by selecting Run Point Scan. For example, if you execute a point scan against a business rule, only the checks that are applicable to the business rule table run, and only that single target record is scanned. If you execute an update set scan or an application scan, all records related to that update set or application are scanned. See Execute an app scan and Execute an update set scan for more information.
    Test scan
    Execute a test scan to verify if the check works as expected. The test scan enables you to test a single check instead of a full scan by selecting a single check and selecting Test Check on the Check form.

    Roles

    Instance Scan has the scan_user role that can run different types of scans and view the findings and results.