_
_
_
_
Datadog
navy blue arrow pointing right
Datadog
Deploy Datadog
Optimize Cost & Governance
Integrations
ServiceNow
navy blue arrow pointing right
ServiceNow
ITOM Visibility
ITOM Health
ITSM
ITAM
SecOps
CMDB
GenAI
ServiceNow Platform Co-Pilot
ServiceNow Store Apps
Resources
navy blue arrow pointing right
resources
Case Studies
Videos
Product Sheets
Reference Documents
Press
Blog
Company
navy blue arrow pointing right
company
About RapDev
Careers
Press
Get in Touch
This is some text inside of a div block.
This is some text inside of a div block.
© RapDev 2024 | All rights reserved.
Check out RapDev's lineup for Knowledge 2024
arrow to go to next page in lime green
Datadog
Datadog
Deploy Datadog
Implement Datadog ObservabilityMigrate to Datadog
Optimize Cost
Datadog Platform Co-PilotHealth Check & Observability Best PracticesCost Monitoring & ControlTagging Strategy & Governance
Integrations
Ansible Methods for Automating Datadog Deployment
Take control of sprawling deployments and optimize efficiency with ease
Read More
Contact Us
Datadog Marketplace
ServiceNow
ServiceNow
ITOM Visibility
DiscoveryService MappingServiceGraph ConnectorsCMDBCSDM as CodeModern CloudOpsACC Agent
ITOM Health
Event ManagementAIOpsModern CloudOpsCMDB
ITSM
Lean into DevOpsIntegration HubCMDBChatOpsModern CloudOpsCSDM as Code
ITAM
HAM Pro | SAM ProCMDBAsset & CI Insights
SecOps
Vulnerability Response
CMDB
Asset & CI InsightsCMDB Assessment
GenAI
DiGiMajor Incident ManagementPrivate GPT
Platform Co-Pilot
ServiceNow Platform Co-pilot
ServiceNow Store
Asset & CI InsightsCSDM as CodeInfoBloxLean into DevOpsModern CloudOpsyaml JSON Converter
Populating the Technical Platform/App Services Layer of the CSDM
Part II in our CSDM blog series - identify Application Services, relate them to Business Apps and Technical Service Offerings
Read More
Contact Us
ServiceNow Store
Resources
Company
Company
Company
About UsCareers10PressEvents
April 2024
RapDev Patent: 'CSDM as Code' Solution for PaaS
RapDev has been awarded its first patent for CSDM as Code, a configuration management tool tailored for Platform as a Service (PaaS) environments.
Go to Article
Contact Us
Get in Touch
Back to Blog
ServiceNow
Automation

Unclassed Hardware and Vulnerability Response

Enhancing Efficiency in Managing Unclassified Hardware Records
3
min read
|
by
Tanner Ylvisaker
April 3, 2024

As part of an out-of-the-box Vulnerability Response implementation, ServiceNow creates unclassed hardware “cmdb_ci_unclassed_hardware” records when it encounters a vulnerability on a CI that it cannot identify through either CI Lookup Rules or the IRE. This will be handled by the persona CI Manager “ (sn_vul.ci_manager) in the Vulnerability Response Module. In the following diagrams, you can see how each module interacts with the CMDB. 

Container Vulnerability Response

Infrastructure Vulnerability Response

Reclassification and the Problem

As part of vulnerability response, ServiceNow supports the reclassification of unclassed hardware with CI Lookup Rules. However, this system needs to be updated, and we will leverage IRE whenever possible. Currently, ServiceNow does not supply an easy way to reclassify unclassed hardware with the IRE engine. When discovery comes along and finds a CI that was in the unclassed hardware table, it will create a new CI rather than replace the existing CI. Typically, there would need to be a manual task for the “CI Manager'' to analyze the unclassed hardware table and determine whether or not the CIs have been discovered.

Suggested Improvements

To alleviate this manual process, here are two quality-of-life improvements.

First, create a scheduled job to find retired unclassed hardware records. This job will loop through the unclassed hardware table and cross-check with the discovered item and discovered container image table. If there is no longer a match, we can assume the CI is no longer in use and can be marked as retired and eventually deleted. Below is an example of what this scheduled job could look like.

Second, create an “Unclassed Hardware” discovery schedule and automatically increment the list of IPs that it scans with any new unclassed hardware records. This will allow the CI Manager to run that schedule and use the result to determine the accuracy of any record in the unclassed hardware table. To accomplish this, create a business rule on the unclassed hardware table. Ensure the “When to run” is on updated and created records. Use the advanced tab to create a script. The objective of this script is to update the discovery IP range that is associated with the “Unclassed Hardware” discovery schedule. Review the script below.

At the end of the day, the unclassed hardware table is not strictly part of the CMDB. It represents the unidentifiable data brought in from a vulnerability scanner so that a relationship and the corresponding vulnerability can still be established. We should not prioritize keeping it clean but rather look at the underlying causes of why that data is there. 

If you want to explore unclassed hardware in your environments further or need a better understanding, contact us at chat@rapdev.io.

Written by
Tanner Ylvisaker
Minneapolis
A ServiceNow Engineer with a passion for automation. He began his career in infrastructure and thrives when merging it with ServiceNow. He consistently solves business challenges using code. Off work, he’s likely spending time with his family or playing golf.
More by
Tanner
Ping Probe
Aug 2023
teal arrow pointing right to go further
you might also like
ServiceNow
Populating the Technical Platform/App Services Layer of the CSDM
Populating the Technical Platform/App Services Layer of the CSDM
Read
teal arrow pointing right to go further
ServiceNow
Transforming User Experiences with ServiceNow DEX
Transforming User Experiences with ServiceNow DEX
Read
teal arrow pointing right to go further
ServiceNow
ServiceNow Store Integration: CSDM as Code
ServiceNow Store Integration: CSDM as Code
Read
teal arrow pointing right to go further
back to blog
Company
About UsCareersPressContactEvents
© RapDev 2024 | All rights reserved. | 
Privacy Policy