top of page

ITOM: Extending Discovery/Service Mapping Patterns

Updated: Jun 15, 2022

With Chris Tessier

In this article, we're going to be going over how to extend discovery and service mapping patterns, to bring back additional data into the seem that the other box patterns may not provide. We will be walking through some steps that would typically be done to extend a discovery pattern and also pull back details from the antivirus software that's installed on the system. This instance is being run on the Paris release, although the pattern extension functionality has been available since the London release. If you're using an older version of ServiceNow, the procedure could potentially still be the same.

Where to Start

We'll start by looking at our class model definitions for the server class. We've already added a couple additional attributes to that class to store the details from the antivirus extension that we'll be creating. Let's select the attributes tab and look at the added column. We've already defined two fields; one to store the antivirus signature when it was last updated timestamp, and then also one to store these antivirus signature version details. Since we've defined these attributes, we can start building our pattern extension now.

Building a Pattern Extension

We can navigate to the discovery patterns, and specifically we'll be adding an extension to the windows os pattern for the server devices. Let's open the pattern up. From the pattern designer, we can see that there's already an identification section that's been defined — this is where the bulk of the discovery is being performed for the windows servers, inside of ServiceNow discovery. We will be creating an extension section, which allows us to add additional details into these patterns, without flagging them as being customer updated or modified. In the future, when ServiceNow releases updates to these patterns, we can actually leverage the updated version of the pattern. We'll still receive the upgrades, and they will be automatically applied into our instance.

Let's create a new extension section. We’ll call it ‘Windows Defender AV’. Now we can actually open up our extension section and start building our pattern. Within the pattern builder interface, we can actually open up a debug session to start testing out our pattern as we're building it. Launch the debug mode from here and specify a MID server, and we'll just specify an IP of our target device that we're going to build this pattern against and discover. As this is debugging you'll see it's going to run through the previously mentioned identification section to ensure that we've passed all the necessary details on that particular server, and we're able to identify it as a windows server before we can start debugging our pattern extension section.

Now that the debug session has completed, we can actually see on the right hand side of the pattern designer some of the attributes that have come back from just the identification section. We can see details about the server itself, serial number, name and other details that were brought in from the identification section part of this pattern. From here, we can start building our pattern.

Parsing Command Details in the Pattern Builder

We'll parse the command output step within our pattern. Since we already know that this is using windows defender antivirus, we know the commands that we need to issue which is simply a powershell command. First, provide a name to the step. It’s important to note that depending on your antivirus software there may be different commands that you can run; some of the details can be parsed out from configuration files or registry keys. Refer to the software vendor's documentation to determine how you can pull those details out.

In this case, if we're using windows defender antivirus, we can actually just issue this powershell command; we'll run the command to verify the output. We can see we've actually retrieved the details from this particular server, since we have an active debug session. What we'll do is parse out the details from this particular result, and we're just going to use a properties file. There're many different methods to actually parse command details out and configure files in the pattern builder.

Storing Variables

In this example, first create a table to store our variables. We can do this manually just by highlighting the actual variables that we're looking for. There are also a number of different methods to parse these details out. We're going to pull this value for the antivirus signature last update details, and we'll name that ‘av last update’. We'll also pull out the antivirus signature version details — you can highlight it and just pull out that particular property. We can see our two attributes are highlighted; this means we parsed them out correctly and from here we can actually create a new step below. Our next step is actually inserting those attributes back into this cmdb ci. We'll rename our step, and for a horizontal discovery pattern, we'll actually be using a transform table operation. If this was a service mapping pattern, we could simply use the set parameter value operation to insert the attributes directly into that class. Here we will search on the right hand side.

Previously we showed you the two attributes that we've created on the server class. We can see inside of the attribute viewer, and you should see the two attributes that we'll be populating. We scroll down below in the temporary variable section, we can see the previously created av details table that was created to store those attributes temporarily. If you open that up, you can actually see that the two attributes that we parsed out in the previous step are visible on this table, so we know that we've parsed them out correctly.

From here, we define our source table, which are our av details temporary table and our target table which is going to be cmbd_ci_win_server. Below we can define exactly which tables we want to map to. In our windows server table, we had defined the u_antivirus_signature_version, and the value we can either drag this in from the av details temporary variable on the right or we can type it in, and this is our version attribute. We'll add the next attribute u_ antivirus_signature_last_updated and then populate our attribute.

Saving the Pattern and Running a Horizontal Discovery

From here, we can actually test our step. We can see here the antivirus signature version has been populated and the last updated fields are being populated into the server. We can now go ahead and save our pattern. Now that our pattern has been saved and is activated inside of our instance, we can go ahead and run a horizontal discovery against this target.

From the Discovery Schedules section, we'll select ‘quick discovery’ and initiate the quick discovery against our target. We'll wait for our discovery to complete it on this host. Now we can see that our discovery is completed against this target device. You can scroll down and select the Devices tab. Let's look at the ci in the CMDB. Now we've already modified our form to add our two new custom attributes into this view. We can see here the antivirus signature version has been populated and the antivirus signature last updated timestamp has also been populated.

This data can be controlled in terms of access it’s made visible to. If you want to restrict the access to security teams that's possible as well in the ServiceNow instance. Lastly, since the data is in ServiceNow, we do have multiple use-cases that can potentially benefit from this type of information. We can apply additional audit compliance rules on top of this data to ensure that our antivirus definitions are updated on a frequent basis. We can track that through reports and dashboards inside of ServiceNow.

Did you find ITOM: Extending Discovery/Service Mapping Patterns in ServiceNow article helpful? Are you ready to start your journey with ServiceNow? If you want to find out more information about GlideFast Consulting and our ServiceNow implementation services, you can reach out to us here.


About GlideFast Consulting

GlideFast is a ServiceNow Elite Partner and professional services firm that provides tailored solutions and professional services for ServiceNow implementations, integrations, managed support services, application development, and training. Reach out to our team here.

1,035 views0 comments

Recent Posts

See All
bottom of page