Agent Client Collector for Visibility - Content default checks and policies
Summarize
Summary of Agent Client Collector for Visibility - Content default checks and policies
Agent Client Collector for Visibility - Content (ACC-VC) offers a comprehensive set of checks, policies, and a business rule to enhance endpoint discovery and software asset management (SAM) within ServiceNow. These policies run primarily on a daily schedule and handle data collection from devices such as Windows and macOS endpoints, facilitating detailed software and file inventory, usage metrics, and discovery synchronization with the MID Server.
Show less
Key Features
- Enhanced Discovery Policy: Runs by default every 24 hours to gather detailed endpoint data including OS serial numbers and TCP connections, requiring specific sudo access on Linux systems. The schedule can be adjusted for more frequent discovery.
- SAM Discovery Policies: Capture software installations and usage metrics on Windows, macOS, and other devices. Includes background jobs for processing Osqueryd logs, supporting both osqueryd and osqueryi methods.
- File-Based Discovery (FBD): Supports scanning and metadata collection of files on agents using configuration files. It includes specialized policies for software files, SWID tag scanning (for Windows, Linux, macOS), and customizable file management based on extension and filename rules. FBD supports delta scanning to efficiently track file changes over time.
- VISC Policies: Enable collection of SaaS application metrics, web usage data, and DEX browser extension initialization to provide insights into application and browser activity on managed devices.
- Check Types: ACC-VC defines three main check types—Enhanced Discovery, SAM Advanced Discovery, and Installed Software—to process various data payloads and integrate with the appropriate scripts and policies.
- Business Rule: The Enhanced Discovery – On CI Delete rule automatically triggers endpoint discovery checks when related configuration items (CIs) are deleted, ensuring data consistency.
Practical Considerations for ServiceNow Customers
- Policies run once per day by default, ingesting approximately 572KB of data per machine based on typical software and process counts.
- Activation of file-based discovery features requires enabling specific toggles in the Discovery Definition Configuration Console.
- To avoid discovery conflicts and optimize performance, customers should consider adjusting related system properties such as discovery thresholds.
- Linux systems require specific sudo permissions for the agent to collect certain hardware and network details.
- The solution supports scalable and customizable endpoint visibility, allowing customers to tailor file scanning rules and software detection to their organizational needs.
Agent Client Collector for Visibility - Content (ACC-VC) provides various checks and policies as well as a business rule.
Policies
| Name | Description | Checks definitions |
|---|---|---|
| Enhanced Discovery | Runs on a schedule, by default every 24 hours (86400 seconds). The policy interval can be adjusted, for example to run every 4 hours (set the interval to 14400). The ACC-VC policy configuration is synced to
all agents based on the policy filter defined by ACC-VC. Update the following ACC-F system properties, if needed:
|
Enhanced Discovery |
| SAM Discovery | Responsible for capturing the software installed on any endpoint device, such as Windows desktops or macOS servers. | Software installations and usage metrics |
| SAM background | Enables a background job for processing the Osqueryd logs for SAM on Windows and macOS endpoint devices. | SAM background log check |
| SAM background (Non OsqueryD) | Enables a background job to collect SAM information using osqueryi instead of osqueryd. | SAM Background Policy (Non OsqueryD) |
| Software installed | Responsible for capturing the software installed on all devices except for Windows endpoint devices. The data collected is stored in the [cmdb_sam_sw_install] table. Scheduled to run every 24 hours. | installed software |
| File-based Discovery background policy | Takes the config file as input from the instance to an agent. Scans the system using config file parameters and stores the output in two separate files on the agent.
Runs on the agent when file-based discovery is invoked. For details, see Agent Client Collector File-Based Discovery. Default: false. To activate, navigate to and in the File Based Discovery section, activate the Enable File Based Discovery toggle switch. |
File-based discovery background |
| File-based Discovery - SAM | Discovers known software files on the endpoint. Uses an allowlist of recognized software filenames maintained by ServiceNow. When a file on disk matches an allowlist entry, FBD uses the FileBasedDiscovery API to identify the collected software metadata (file name, path, size, and version), identifies
the software package it belongs to and records the installation on the instance. Unrecognized files are tracked in the unidentified file records table (cmdb_unidentified_file_set). Runs daily. Default: false. To activate, navigate to and in the File Based Discovery section, activate the Enable File Based Discovery toggle switch. |
File-based discovery - SAM |
| File-based Discovery - SWID tag | Enables SWID tag scanning on a Windows, Linux or macOS platform. When enabled, the scanner looks for .swid, .swidtag, and .cmptag files in the configured scan directories. Stores
results in the following tables:
Default: false. To activate, navigate to and in the File Based Discovery section, activate the Enable File Based Discovery toggle switch. |
|
| File-based Discovery - File management | Discovers files based on customer-defined rules. Administrators configure which file extensions to look for and define filename matching rules such as exact match, starts with, ends with, or contains. This
policy builds a device-level file inventory based on the organization's specific needs. Results are stored in the sn_acc_vis_content_device_file_information table. Configure rules in the File Matching rules (sn_acc_vis_contet_file_config) and File extensions (sn_acc_vis_content_file_extension) properties. For details on these properties, see Agent Client Collector File-Based Discovery properties. File Management supports delta scanning; after the initial full scan, only added, modified, and deleted files are sent on subsequent runs. For details on delta scanning, see Agent Client Collector File-Based Discovery. Default: false. To activate, navigate to and in the File Based Discovery section, activate the Enable File Based Discovery toggle switch. |
File-based discovery - File management |
| VISC Get application metric | Retrieves the SaaS application metrics from the agents. For details on enabling SaaS usage monitoring with ACC-VC, see the SaaS Usage Monitoring with Agent Client Collector [KB2320193] article in the Now Support Knowledge Base. |
VISC Get application metric |
| VISC Get browser extension device init | Initializes the DEX browser extension with the host sysID. | VISC Get browser extension device init |
| VISC Get browser extension init | Initializes the DEX browser extension with logged-in users. | VISC Get browser extension init |
| VISC Get URL metrics | Controls the collection of web usage data from Windows and macOS managed devices. Runs daily. Default: Inactive. To activate the policy, set the sn_acc_vis_content.enable_full_monitoring property to true. For details on web usage data system properties, see Web usage data collection tables and fields. |
VISC Get URL metrics |
See System properties for more details. For more details on policies, see Checks and policies.
Check type
- Enhanced Discovery
- This check type is responsible for invoking the EnhancedDiscoveryHandler script include that processes the payload produced by endpoint_discovery.rb as executed by ACC.
Used by File-base Discovery.
- SAM Advanced Discovery
- This check type is for the SAM Discovery policy that invokes the EnhancedDiscoveryHandler script include for processing the SAM data produced by the sam_advanced.rb file.
- Installed Software
- This check type for the Software installed policy that invokes the EnhancedDiscoveryHandler script include for processing the installed software data produced by the installed_software.rb file.
Check definitions
| Name | Description |
|---|---|
| Enhanced Discovery | Synced to all agents based on the policy filter defined by ACC-VC. The Check definition is configured to run with certain assets and determines what gets synced between the agent and the MID Server. For more details on policies, see Checks and policies. Note: For the agent to retrieve the OS serial numbers and TCP connections along with associated running processes, sudo access for “dmidecode” and “ss” is required on Linux systems. For example, this content could be added to /etc/sudoers or to an individual file in /etc/sudoers.d/:
|
| SAM background log check | Runs every 8 minutes and performs inline aggregation of data generated from Osqueryd logs. After collecting the data, it writes all the intermediate data results into a temporary marker file which is reused in
the next run. This reuse limits the number of log files and disk space needed on target systems. Note: You may notice a spike in system resource consumption, as the background aggregation check runs every
interval. |
| Software installations and usage metrics | Collects data every 24 hours. |
| Installed software | Fetches installed software data for all devices other than Windows and macOS endpoint devices. |
| File-based discovery background | Runs a file scanning background job on the agent. |
| File-based discovery | Fetches the file data from the agent. |
Business rule
The Enhanced Discovery – On CI Delete business rule triggers the Endpoint Discovery Check when the CI associated with a given CI is deleted from sn_agent_cmdb_ci_agent.