Network Intrusion Detection System (NIDS) CI extension class
Summary
The Network Intrusion Detection System (NIDS) CI extension class [cmdb_ci_nids] enables ServiceNow customers to represent and manage passive network monitoring appliances within the CMDB. It builds relationships between NIDS sensors and the network devices they detect, supporting improved visibility into network security and device discovery.
A NIDS Manager oversees the sensors, which detect devices and establish "Detects::Detected by" relationships between NIDS records (parents) and discovered CIs (children).
Key Features
- New CMDB Class: The cmdb_ci_nids class extends cmdb_ci_ids_network and represents NIDS appliances that monitor network traffic and detect devices.
- Class Columns: Additional columns in the cmdb_ci_nids class include:
  - NIDS source ID (correlation_id): Identifier of the NIDS device.
  - NIDS source name (nids_source_name): Name of the NIDS device.
  - Network type assignment (network_type_assignment): Indicates whether the device is on an IT or OT network.
  - NIDS assignment site (isa_entity_site): The ISA site assigned to the NIDS, visible to users with the ISA Admin role.
- Roles and Access Control: The NIDS Admin role (cmdb_nids_admin) grants create, read, update, and delete permissions on NIDS OT records and access to the Network IDS application menu.
- Relationship Management: For each CI linked to a NIDS record by a "Detected by" relationship, metadata such as Location, Company, and related users and groups is assigned automatically by the Operational Technology Certified Service Graph Connector.
- OT Network Handling: When the network type is OT, the connector creates an OT device record (cmdb_ot_entity) for the CI and assigns the NIDS zone and, if Industrial Process Manager is installed, the NIDS site. This improves OT asset visibility and management.
- Sensor Learning Mode Support: The Life Cycle Stage and Life Cycle Stage Status fields capture the sensor state. Validation fails when the stage is Operational and the status is Learning Mode, and succeeds when the status is In Use, so customers can tell whether a sensor has finished baselining before trusting its detections.
Practical Benefits
- Enables detailed tracking and management of network intrusion detection devices within the CMDB.
- Improves accuracy of device discovery and relationship mapping between network monitoring appliances and detected devices.
- Supports differentiation and management of IT versus OT network devices, critical for operational technology environments.
- Provides role-based access control to safeguard configuration and management of sensitive NIDS data.
- Integrates with ServiceNow’s Operational Technology Certified Service Graph, enhancing metadata completeness and device lifecycle management.
The Network Intrusion Detection System (NIDS) [cmdb_ci_nids] class builds the relationships between passive network monitoring appliances and the devices on the network that they discover. A NIDS Manager manages the NIDS sensors that detect the devices and builds "Detects::Detected by" relationships between the NIDS records (parent) and the CIs they discover (child).
This topic lists the relevant classes that the CMDB CI Class Models store app adds or updates. See the class columns table for further details about the columns added for each class.
Request apps on the Store
Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Network Intrusion Detection System (NIDS) schema structure
Classes
| Class | Extends | Description |
|---|---|---|
| Network Intrusion Detection System (NIDS) (cmdb_ci_nids) | cmdb_ci_ids_network | A NIDS is an intrusion detection system that passively examines the traffic of all devices on the network segment it monitors. NIDS sensor records build relationships between the OT network monitoring appliances and the OT devices they observe on the network. A NIDS Manager manages the NIDS sensors. |
Class columns
CMDB CI Class Models: Release 1.30 adds the following columns to the Network Intrusion Detection System (NIDS) [cmdb_ci_nids] class.
| Column label | Column name | Description |
|---|---|---|
| NIDS source ID | correlation_id | Identifier of the NIDS device. The Correlation ID assigned to the NIDS record is used as its NIDS source ID. |
| NIDS source name | nids_source_name | Name of the NIDS device. |
| Network type assignment | network_type_assignment | Designates if the device is on an IT or OT network. |
| NIDS assignment site | isa_entity_site | ISA site assigned to the NIDS. This field is visible only when the logged-in user has the ISA Admin role. |
Roles and access control lists (ACLs)
The NIDS Admin (cmdb_nids_admin) role is associated with the Network Intrusion Detection System (NIDS) [cmdb_ci_nids] class and can create, read, update, and delete Network IDS (NIDS) OT records. You must have this role to see the Network IDS application in the application menu. Because the role also permits deleting NIDS records, and deleting a sensor record removes the Detected by relationships that anchor discovered OT devices, assign it only to the team that operates the sensors.
Key relationship structure
For each CMDB CI record with a "Detected by" relationship to a NIDS record, the ServiceNow Operational Technology Certified Service Graph Connector does the following:
- Assigns the following NIDS-related metadata values to the CI:
  - Location
  - Company
  - Related users (Owned by, Managed by, Supported by, Assigned to)
  - Related user groups (Approval group, Managed by Group, Support group, Change group)
- If the NIDS network type is set to OT, additionally:
  - Creates an OT device (cmdb_ot_entity) record for the CI, using the cmdb_ot_entity reference on the CI.
  - Assigns the NIDS assignment zone to the OT device record.
  - If Industrial Process Manager is installed, assigns the NIDS assignment site to the OT device record.
- Uses the Life Cycle Stage and Life Cycle Stage Status values of the CI to capture the learning mode of a sensor:
  - If Life Cycle Stage is Operational and Life Cycle Stage Status is Learning Mode, validation is unsuccessful.
  - If Life Cycle Stage Status is In Use, validation is successful.
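The connector steps above, as an added example in plain JavaScript that is not ServiceNow's code or the CMDB CI Class Models app's code: in-memory objects stand in for cmdb_ci_nids, CI and cmdb_ot_entity records, column names follow the page, and the zone column name (isa_entity_zone), the relationship type string, the function names and the sample records are assumptions made for the example. The learning-mode check is applied to the sensor record, and a sensor that fails it propagates nothing; that fail-closed choice is the example's, not something the page prescribes.

```javascript
// Added example, not ServiceNow or CMDB CI Class Models app code: a plain-JS
// model of the connector behaviour. In-memory objects stand in for
// cmdb_ci_nids, CI and cmdb_ot_entity records. Column names follow the page;
// isa_entity_zone, DETECTS_REL, the function names and the sample data are
// assumptions for this example.

const USER_FIELDS = ['owned_by', 'managed_by', 'supported_by', 'assigned_to'];
const GROUP_FIELDS = ['approval_group', 'managed_by_group', 'support_group', 'change_group'];
const DETECTS_REL = 'Detects::Detected by'; // assumed spelling of the relationship type

// CIs that are children of a "Detected by" relationship whose parent is this NIDS.
function detectedCis(nidsId, relationships, cis) {
  const childIds = new Set(relationships
    .filter((r) => r.type === DETECTS_REL && r.parent === nidsId)
    .map((r) => r.child));
  return cis.filter((ci) => childIds.has(ci.sys_id));
}

// Learning-mode check from the page: Operational + Learning Mode fails,
// In Use passes. Any other combination is treated as a failure (fail closed);
// the page does not define those cases.
function validateSensorState(nids) {
  if (nids.life_cycle_stage_status === 'In Use') {
    return { valid: true, reason: 'sensor in use' };
  }
  if (nids.life_cycle_stage === 'Operational' && nids.life_cycle_stage_status === 'Learning Mode') {
    return { valid: false, reason: 'sensor still in learning mode' };
  }
  return { valid: false, reason: 'life cycle state not recognised' };
}

// Copy NIDS-related metadata onto one detected CI. On an OT network, make sure
// the CI has an OT device record carrying the NIDS zone, plus the site when
// Industrial Process Manager is installed. Returns the OT record or null.
function applyNidsMetadata(nids, ci, otEntities, opts) {
  for (const field of ['location', 'company', ...USER_FIELDS, ...GROUP_FIELDS]) {
    ci[field] = nids[field];
  }
  if (nids.network_type_assignment !== 'OT') {
    return null;
  }
  // Reuse the record the CI's cmdb_ot_entity reference points at; create one otherwise.
  let ot = otEntities.find((o) => o.sys_id === ci.cmdb_ot_entity);
  if (!ot) {
    ot = { sys_id: 'ot_' + ci.sys_id, ci: ci.sys_id };
    otEntities.push(ot);
    ci.cmdb_ot_entity = ot.sys_id;
  }
  ot.isa_entity_zone = nids.isa_entity_zone;
  if (opts.industrialProcessManagerInstalled) {
    ot.isa_entity_site = nids.isa_entity_site;
  }
  return ot;
}

// One connector pass for one NIDS. A sensor that fails the learning-mode check
// propagates nothing: a sensor that has not finished baselining should not
// drive ownership, support-group or zone assignments on the CIs it reports.
function syncNids(nids, cis, relationships, otEntities, opts) {
  const check = validateSensorState(nids);
  if (!check.valid) {
    return { nids: nids.sys_id, valid: false, reason: check.reason, updated: [] };
  }
  const updated = detectedCis(nids.sys_id, relationships, cis).map((ci) => {
    const ot = applyNidsMetadata(nids, ci, otEntities, opts);
    return { ci: ci.sys_id, otEntity: ot ? ot.sys_id : null };
  });
  return { nids: nids.sys_id, valid: true, reason: check.reason, updated };
}

// Constructed sample data: two OT sensors (one still learning) and one CI each.
function sampleData() {
  const base = {
    network_type_assignment: 'OT', location: 'Plant 1', company: 'Acme Manufacturing',
    owned_by: 'ot.lead', managed_by: 'ot.lead', supported_by: 'ot.ops', assigned_to: 'ot.ops',
    approval_group: 'OT CAB', managed_by_group: 'OT Eng', support_group: 'OT Ops', change_group: 'OT CAB',
    isa_entity_zone: 'Zone 3', isa_entity_site: 'Site P1',
  };
  const sensors = [
    { ...base, sys_id: 'nids_live', correlation_id: 'SENSOR-A7', nids_source_name: 'plant-1-sensor',
      life_cycle_stage: 'Operational', life_cycle_stage_status: 'In Use' },
    { ...base, sys_id: 'nids_new', correlation_id: 'SENSOR-B2', nids_source_name: 'plant-1-sensor-2',
      life_cycle_stage: 'Operational', life_cycle_stage_status: 'Learning Mode' },
  ];
  const cis = [
    { sys_id: 'ci_plc17', name: 'PLC-17', cmdb_ot_entity: null },
    { sys_id: 'ci_hmi04', name: 'HMI-04', cmdb_ot_entity: null },
  ];
  const relationships = [
    { type: DETECTS_REL, parent: 'nids_live', child: 'ci_plc17' },
    { type: DETECTS_REL, parent: 'nids_new', child: 'ci_hmi04' },
  ];
  return { sensors, cis, relationships, otEntities: [] };
}

// Runs one pass for every sensor and returns the reports plus the mutated records.
function runExample(opts = { industrialProcessManagerInstalled: true }) {
  const data = sampleData();
  const reports = data.sensors.map((s) => syncNids(s, data.cis, data.relationships, data.otEntities, opts));
  return { ...data, reports };
}
```

Run it with node and inspect runExample(): the In Use sensor populates PLC-17's ownership and group fields and creates one OT device record with zone and site, while the sensor still in Learning Mode leaves HMI-04 untouched. Running the pass again reuses the OT record through the CI's cmdb_ot_entity reference instead of creating a duplicate. In an instance the same steps would be GlideRecord queries on cmdb_rel_ci, cmdb_ci and cmdb_ot_entity.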