File Signature Normalization

  • Release version: Yokohama
  • Updated January 30, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of File Signature Normalization

    File Signature Normalization enhances file-based discovery on UNIX and Windows servers by applying rules to discovered files to improve the identification of installed software. This process supports security monitoring and software license management within the Software Asset Management - Professional (SAMP) framework. It works by matching file attributes against the Content Data Service (CDS) to create normalized software installation records.

    Show full answer Show less

    Key Features

    • Plugin Requirements: Requires the File Signature Normalization plugin (com.snc.filesignaturenormalization) and optionally the File-Based Discovery plugin (com.snc.discovery.filebaseddiscovery) for filtering file signatures. Activation must be requested.
    • Normalization Process: Discovered files are processed via MID Server, matched against CDS signatures, and software installation records are created. Unmatched files generate unidentified file set records that can be manually normalized by users with the samadmin role.
    • Custom File Signature Rules: Users can create custom rules for unidentified files. These can be shared back to the CDS for wider use or excluded based on configuration.
    • Duplicate Identification: The system detects duplicate software installations from multiple discovery sources on the same configuration item, marking duplicates inactive until resolved.
    • Software Install Updates: Software install records are updated according to changes in CDS attributes like product or publisher names.
    • Security and Performance: Scheduled discovery jobs run during specific times to minimize performance impact. Modifying these schedules may affect system stability.

    Roles and Permissions

    The plugin introduces the filenormalizationadmin role, granting access to file attribute data and unidentified file information. This role is essential for supporting third-party software discovery sources.

    Data Tables

    The File Signature Normalization plugin adds several tables to manage file and software data:

    • sampfileset: Maps file sets to software products.
    • sampfilemap: Stores file hash records based on discovered files and their attributes.
    • sampfilename: Contains file names used to search devices.
    • sampcustomfilename: Stores user-entered file names for discovery.
    • cmdbunidentifiedfileset: Holds custom rules for files unmatched in the CDS.

    Practical Implications for ServiceNow Customers

    By enabling File Signature Normalization, customers can achieve more accurate software identification through file-based discovery, improving license management and security monitoring. Custom rule creation allows adaptation to unique environments, while duplicate detection helps maintain clean and reliable software inventory data. Proper role assignment ensures authorized users manage file normalization effectively, and maintaining scheduled job timing supports optimal system performance.

    File-based discovery finds files on UNIX or Windows servers and processes them with an established set of rules that enhance the identification of installed software. Use the results to monitor specific file types on network servers for security purposes or to manage your software licenses with the File Signature Normalization plugin for Software Asset Management - Professional (SAMP).

    For more information on the file-based discovery, see the File-based Discovery.
    Note:
    The information provided in this page only covers the features available with the File Signature Normalization (com.snc.file_signature_normalization) plugin.

    Required plugins

    The File Signature Normalization plugin is required to allow file information to be mapped to installed software. To enable this plugin, Request Software Asset Management.

    You can also enable file-based discovery with the File-Based Discovery (com.snc.discovery.file_based_discovery) plugin to filter file signatures. This plugin is included with a Discovery subscription, but you must request plugin activation. Normalization of products and publishers is available for file-based discovery with or without Software Asset Management.

    How File Signature Normalization works

    File Signature Normalization uses discovered files and their attributes, such as file name, file sizes, and version, to find a signature match in the Content Data Service (CDS). Then, File Signature Normalization creates a normalized software installation record.

    During regularly scheduled Discovery jobs, the file information is discovered at all the specified end points in a user environment and sent to the MID Server. The information from the MID Server is then sent back to the ServiceNow instance. Information is matched against the content library and the software installation records are created.

    If a discovered file name does not match a predefined file signature rule in the CDS, an unidentified file set record is created in the unidentified file set [cmdb_unidentified_file_set] table. Users with the sam_admin role can create a custom file signature rule for the unidentified file set to normalize data manually.

    If you opt in to the content service, these custom file signatures are sent back to the CDS for further analysis and inclusion in the content service for future discovery. You can also restrict some custom file signatures from being sent to the CDS by changing the value in the Exclude From CDS column to True.

    Note:
    Software discovery models are stored in the Software Discovery Model [cmdb_sam_sw_discovery_model] table. Unlike pattern discovery normalization, discovery models created by File Signature Normalization do not go through the normalization process automatically and are ignored during scheduled normalization jobs.

    File Signature Normalization also identifies duplicates. Software installations that are discovered on the same configuration item, but from different discovery sources, are considered duplicates. All installations that are identified are marked as inactive by default. Once the duplication has been deleted, the remaining installation is marked as active and the discovery model picks up all associated installs.

    Note:
    By default, scheduled jobs are performed during specific times so they do not run heavy loads that could cause performance or stability issues. If these scheduled job times are changed, performance issues could occur.

    Any software installs discovered during File-based discovery are updated to reflect any CDS changes in the software install attributes such as product or publisher name change. Stage product and Stage publisher are new columns in the File Set [samp_file_set] table.

    File Signature Normalization roles

    File Signature Normalization adds the following role.

    Roles Description
    file_normalization_admin Users with this role can access file attribute and unidentified file information. Required to ensure that file signature normalization supports third-party software installation discovery sources.

    Tables

    File Signature Normalization adds the following tables.

    Table Description
    samp_file_set File set that maps to a software product. Multiple samp_file_map records can point to one samp_file_set record.
    samp_file_map File map record for each file hash discovered by the end-user device. The file hash is created based on the discovered file and its attributes.
    samp_file_name File names that are used to search on end-user devices.
    samp_custom_file_name File names that entered by the user that can be discovered on end-user devices.
    cmdb_unidentified_file_set Custom rules that are created if a software match is not found for the discovered file in the CDS.