Examples of Discovery behavior functionalities

  • Release version: Zurich
  • Updated July 31, 2025
  • 5 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Examples of Discovery behavior functionalities

    This content explains how to configure multiple Discovery functionalities within a single behavior in ServiceNow Discovery to efficiently scan different device types and domains using MID Servers. It addresses the specific needs and limitations when scanning Windows domains and non-Windows devices such as SSH and SNMP devices.

    Show full answer Show less

    Key Functionalities

    • Functionality 1: WMI Scanning on Domain A
      • Configured on a Windows MID Server belonging to Domain A to scan only Windows devices using the WMI protocol.
      • Requires setting specific criteria to bind the MID Server and Windows domain using midserver and windomain fields with the operator set to equals.
      • Uses phase 1 allowing a single Shazzam probe to launch all functionalities in that phase efficiently.
      • Active checkbox must be enabled to activate the behavior.
    • Functionality 2: SSH and SNMP Scanning on Domain A
      • Configured to scan all SSH and SNMP devices on Domain A using the same MID Server as Functionality 1.
      • No specific criteria are required for non-WMI scanning; default match criteria set to Any.
      • Also uses phase 1 to optimize probe usage.
      • Active checkbox must be enabled.
    • Functionality 3: WMI Scanning on Domain B
      • Configured on a Windows MID Server that is a member of Domain B to scan Windows devices in that domain using WMI.
      • Requires criteria similar to Functionality 1, specifying the MID Server and Domain B with equals operators for midserver and windomain.
      • Also set to phase 1 for efficient probing and must be activated.

    Important Considerations

    • Windows MID Servers can only authenticate and scan WMI on their own Windows domain due to Windows authentication constraints.
    • WMI, SSH, and SNMP functionalities cannot be combined across Windows domains because WMI functionality criteria lock scanning to a specific domain.
    • Using a single phase number (phase 1) for all functionalities allows launching a single Shazzam probe, improving efficiency.
    • Configuring appropriate criteria for WMI functionalities ensures that each MID Server scans only its designated domain, avoiding duplicate scanning.
    • Non-WMI functionalities (SSH and SNMP) do not require criteria and can scan devices more broadly with the correct MID Server and credentials.

    Practical Benefits for ServiceNow Customers

    By configuring multiple functionalities within one Discovery behavior, customers can:

    • Effectively scan multiple Windows domains and non-Windows devices without overlap or duplicate scans.
    • Leverage domain-specific Windows MID Servers for WMI scanning and a single MID Server for SSH and SNMP scanning.
    • Optimize Discovery probe usage by using a single phase to launch multiple functionalities simultaneously.
    • Ensure accurate and efficient device discovery aligned with Windows authentication constraints.

    This example of a Discovery behavior requires three functionalities for the behavior.

    We will create three functionalities for this Behavior: one MID Server to scan Domain A for Windows devices only; a second functionality for the same MID Server to scan for all SSH and SNMP devices; and a third functionality that names a second MID Server to scan Domain B for Windows devices. The rationale for this is as follows:
    • A Windows MID Server can only discover Windows machines on the Windows domain to which it is joined. This is entirely due to the way Windows authentication works. For this reason, we need a WMI functionality for each domain.
    • A Windows MID Server, provided with the correct credentials, can discover SSH and SNMP devices anywhere; however, we cannot combine WMI, SSH, and SNMP functionalities across Windows domains. This is because the functionality criteria for the WMI scans locks in the Discovery to one specific domain. For this reason, SSH and SNMP discoveries require a separate functionality.
    • We want to scan each machine only once.

    Functionality 1: WMI Scanning on Domain A

    We configure a MID Server to scan for the WMI protocol on Domain A. WMI scans authenticate on Windows machines using the domain credentials of the Windows MID Server machine. Windows MID Servers cannot scan for the WMI protocol outside their own domains.

    Create the first functionality using the following values:
    Field Input Value
    Phase Type a phase number of 1 in this field. All functionalities in this example use the same phase number, which launches a single Shazzam probe for all the functionalities in that phase. A single phase, when feasible, is the most efficient use of the Shazzam probe.
    Functionality Select Windows, DNS, and WINS from the list. This functionality defines the WMI protocol that will be scanned and resolves the domain. Because we selected to scan for WMI, we must select a Windows MID Server for this functionality.
    MID Servers We select a Windows MID Server from Domain A - in this case sandb01-358.
    Active Make sure this check box is selected to enable this behavior.
    Match criteria Change the criteria to All.

    Create Functionality Criteria

    All Windows functionality requires criteria to identify the domain and the MID Server. In our example, we will create two criteria for this functionality. To create Functionality Criteria, click New in the Related List and enter the following values for the MID Server doing the WMI scanning on Domain A:
    Field Input Value
    Name Create the following criteria:
    • Enter mid_server to name the MID Server that will execute the WMI scans on Domain A.
    • Enter win_domain to name the Windows domain that Discovery will scan with the MID Server defined.
    Operator Select equals as the operator in this criteria.
    Value
    • For the mid_server value, enter the name of the MID Server that will scan Domain A for Windows devices.
    • For the win_domain value, enter the name of Domain A that this MID Server will scan for Windows devices.
    Active Be sure to enable the criteria by selecting this check box (true).

    The completed criteria appear in the Discovery Functionality form for this behavior.

    Functionality 2: SSH and SNMP

    In our network, we want to scan for UNIX computers and netgear, but we don't want to classify these devices twice. One of our MID Servers will be configured to classify SSH and SNMP using a different functionality than it does for WMI scans. We do not need to create criteria for non-WMI functionality.

    Create the second functionality using the following values:
    Field Input Value
    Phase Type a phase number of 1 in this field. All functionalities in this example use the same phase number, which launches a single Shazzam probe for all the functionalities in that phase. A single phase, when feasible, is the most efficient use of the Shazzam probe.
    Functionality Select All except Windows (no WMI) from the list. This functionality will scan SSH and SNMP protocols only.
    MID Servers We select the MID Server from Domain A - in this case sandb01-358.
    Active Make sure this check box is selected to enable this behavior.
    Match criteria Leave the default criteria of Any. Criteria are not used for non-WMI functionalities.

    Functionality 3: WMI Scanning on Domain B

    All that remains is to create a functionality for the WMI scans on Domain B. Because of the Windows authentication mechanism, we must configure a Windows MID Server to scan Domain B that is a member of that domain.

    Create the third functionality using the following values:
    Field Input Value
    Phase Type a phase number of 1 in this field. All functionalities in this example use the same phase number, which launches a single Shazzam probe for all the functionalities in that phase. A single phase, when feasible, is the most efficient use of the Shazzam probe.
    Functionality Select Windows, DNS, and WINS from the list. This functionality defines the WMI protocol that will be scanned and resolves the domain. Because we selected to scan for WMI, we must select a Windows MID Server for this functionality.
    MID Servers We select a Windows MID Server from Domain B - in this case disco-win2003.
    Active Make sure this check box is selected to enable this behavior.
    Match criteria Change the criteria to All.

    Create Functionality Criteria

    All Windows functionality requires criteria to identify the Windows domain and the MID Server. In our example, we will create two criteria for this functionality. To create Functionality Criteria, click New in the Related List and enter the following values for the MID Server doing the WMI scanning on Domain B:
    Field Input Value
    Name Create the following criteria:
    • Enter mid_server to name the MID Server that will execute the WMI scans on Domain B.
    • Enter win_domain to name the Windows domain that Discovery will scan with the MID Server defined.
    Operator Select equals as the operator in this criteria.
    Value
    • For the mid_server value, enter the name of the MID Server that will scan Domain B for Windows devices.
    • For the win_domain value, enter the name of Domain B that this MID Server will scan for Windows devices.
    Active Be sure to enable the criteria by selecting this check box (true).

    The completed criteria appear in the Discovery Functionality form for this behavior.