0% found this document useful (0 votes)
158 views3 pages

MODULE 8 - Horizontal Discovery Patterns

The document describes horizontal discovery patterns in ServiceNow. It discusses the 4 phases of horizontal discovery and the types of patterns. Patterns perform similar functions to probes but have better performance. Patterns contain steps that identify CIs using operations like WMI queries. Shared libraries allow steps to be reused across patterns. The document provides examples of different pattern operations.

Uploaded by

Daniel Zamudio
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
158 views3 pages

MODULE 8 - Horizontal Discovery Patterns

The document describes horizontal discovery patterns in ServiceNow. It discusses the 4 phases of horizontal discovery and the types of patterns. Patterns perform similar functions to probes but have better performance. Patterns contain steps that identify CIs using operations like WMI queries. Shared libraries allow steps to be reused across patterns. The document provides examples of different pattern operations.

Uploaded by

Daniel Zamudio
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 3

Horizontal Discovery Patterns

- Phase 1 - Scanning
Shazzam probe scans common ports
Discovery determines which ports responded and identifies the type of machine
- Phase 2 - Classification
Classification probe is sent based on port probe response
Probe retrieves additional information, such as version of the OS, then classifies
the device
- Phase 3 - Identification
Patterns unify the Identification and Exploration Phases
The Classifier specifies the Horizontal Pattern probe
The Horizontal Pattern probe specifies which pattern to launch
Horizontal Pattern probe also contain a sensor used for updating the CMDB
- Phase 4 - Exploration
Patterns unify the Identification and Exploration Phases
The Classifier specifies the Horizontal Pattern probe
The Horizontal Pattern probe specifies which pattern to launch
Horizontal Pattern probe also contain a sensor used for updating the CMDB

Pattern
Series of operation that tell Discovery:
-Which CI to find on your network
-What credentials to use
-What tables to populate in CMDB

Patterns perform same functions as a probe:


-Identifies a target CI
-Explores a CI for details, such as RAM, CPU, OS, version, etc

Differences between Patern and Probes


-Patterns run during Identification and Exploration phases, Probes run during all
phases
-Probes create many ECC queue records, patterns only creates one additional record
-Patterns have a faster performance during Discovery than probes

Discovery Patterns 2 types:


- Infrastructure, identify hardware or hosts, such as servers, load balancers, etc
- Application, identify by a running process on a host, such as IIS, Apache, MSSQL

Pattern Sections,
- Identification: identify a CI through a series of steps and is part of the
baseline pattern record
- Extension: extends the Identification section, without changnig the baseline
pattern and is saved as a shared library

Steps are the basis for Discovery


- Once a step is created an Operation is selected, which determines how information
is gathered, modified, verified within each step
- THe order of the steps is inportant as each step is evaluated in sequence
- Each step must be succesful during discovery or the pattern will fail

Shared Libraries
- Steps can be saved in Shared Libraries and reused between patterns
- Shared patterns are saved in the Discovery Patterns [sa_pattern] table
- Can only be modified from the pattern they reference
Linux . MEmory modules shared library can be modified by accessing the Linux Server
pattern

Operation Choices
-- Structure
- Library Reference
- Match

-- Parse
- Parse Command Output
- Parse File
- Parse Variable

-- Others
- Change User
- Find Matching URL
- Parse URL
- Put File
- Set Parameter Value
- Unchange User

-- Query
- Get Process
- Get Registry Key
- LDAP Query
- SNMP Query
- WMI Method Invocation
- WMI Query

-- Table Operations
- Create Relation/Reference
- Filter Table
- Merge Table
- Transform Table
- Union Tables

-- Populate Variables
-- Debug
Debug Mode without a Discovery Schedule

-- Set Parameter Value


- Used to set a value of a variable or field
- Ideal for constant or static values
- VALUE field is what will be returned
- NAME field is the name of the variable
- Variable names must match the Column name of a field, not the label, in order for
it populate in a table

Parse Command Output


- Used to extract information from the command output
- Define Parsing determines the strategy used to extract information, such as
Delimited text, RegEx, etc
- Delimiters and Positions are used to define what specific information will be
captured from the Output

Merge Table
- Operation to merge content from two source tables into a target table
- Great final step if variable names match CI attributes
- Target Table should match CI Type for final step

Transform Table
- Add one or more computed columns to an existing table and place the results in a
target table
- Use this operation to unify information from different sources

WMI Query
- Get variable information from the target using OS tool
- Break down the query with UI for fields and contdition

SNMP Query
- Get variable information from the target
- Uses OID for SNMP query
- Populates multiple variables into a pattern table

Query for variables NOT HARD CODE

Parse Variable
- Use variables from query to populate pattern tables
- Multiple parsing strategies
- Drag and drop capabilities

Pattern Payload Properties


mid.discovery.max_pattern_payload_size
- Whit so many Shared Patterns being accessed when using Horizontal patterns, the
default payload size may be exceeded
- Default pattern payload size is 300000 bytes
- If the patter payload size is too low, errors may occur when running Debug or
Discovery
- Modify MID Server>Properties to increase the
mid.discovery.max_pattern_payload_size
- Leaving the MID Server field blank will apply the modified value to all MID
Servers

You might also like