Running discoveries in your network

  • Release version: Yokohama
  • Updated July 8, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Running discoveries in your network

    This content guides ServiceNow customers on how to run network discoveries to create configuration items (CIs), define subnets, and discover resources in AWS and Azure clouds. Discoveries can be initiated via schedules or scripts to maintain accurate and up-to-date visibility into the network environment.

    Show full answer Show less

    MID Server Configuration Prerequisites

    • Supported applications: Specify which applications can use the MID Server; selecting "ALL" allows any application.
    • IP ranges: Define IP address ranges the MID Server scans. The Discovery schedule’s IP range must fall within these to find a matching MID Server. For security, limit to IPs under your control.
    • Capabilities: Assign capabilities the MID Server supports. Selecting "ALL" lets any application use the MID Server.

    Discovery Configuration Prerequisites

    • Credentials: Configure MID Servers with necessary login credentials to authenticate on devices. The MID Server tests all credentials and establishes affinity with successful ones, ensuring proper classification.
    • Classifications: Use default device and process classifications or create new ones as needed for unique devices, processes, or applications not covered by default classifiers.

    Running Discovery

    • Use the Discovery Configuration Console to select device types, applications, software files, and software CIs to discover. You can exclude CIs to disable related probes or classifiers.
    • CI Discovery: The most common discovery type to find devices, computers, and applications. Can be run on demand or scheduled, with configuration options for MID Servers and port probes.
    • Network Discovery: Identifies internal IP networks when IP ranges are unknown, helping organizations lacking comprehensive IP address knowledge.
    • Serverless Discovery: Finds applications on hosts without discovering the host first, relying on infrastructure patterns. Requires advanced pattern knowledge and skips scanning and classification phases.

    Monitoring and Error Resolution

    • Discovery Status: View summary and access the ECC queue for probe and sensor activity, including XML payloads exchanged.
    • Discovery Admin Workspace: Monitor ongoing discovery operations in real time.
    • Discovery Home page: Access details on schedules, cloud resources, discovered devices, and errors with remediation guidance.

    You can run discoveries from schedules or scripts to create configuration items, define subnets, or to find resources in AWS and Azure clouds.

    MID Server configuration prerequisites

    Ensure that your MID Servers are properly configured prior to creating a Discovery schedule.
    • Supported applications: Select the applications that are allowed to use the MID Server. You can use the ALL application option to allow any application to use the MID Server.
    • IP ranges: Define the ranges of IP address the MID Server can scan. To find a MID Server match, the IP range you configure on the Discovery schedule must fall into the ranges that one or more MID Servers can support.
      Note:
      To improve security, limit the range to IP address you control and exclude unnecessary ranges.
    • Capabilities: Create the capabilities that the MID Server supports. You can use the ALL capability option to allow any application to use the MID Server.

    Discovery configuration prerequisites

    Ensure that your MID Servers can authenticate on the devices they find and classify configuration items (CI) properly.
    • Credentials: Configure the MID Servers with the login credentials they need to query the devices in the network. The MID Server tries all available credentials on each discovered device, then creates an affinity for any successful credentials. For more information, see Credential affinity for Discovery and Orchestration.
    • Classifications: The device and process classifications provided in the base platform are normally sufficient. Create classifications as needed for the devices, processes, and applications in the network not covered by the default classifiers.

    Get started running a discovery

    1. Use the Discovery Configuration Console to get started with Discovery. The console provides configuration options which let you choose the types of devices, applications, software files, and software CIs you want Discovery to find. If you select a CI to exclude from scanning, the instance disables the related probe or classifier that Discovery uses to identify the CI. See Discovery Configuration Console to get started.
    2. Determine what type of discovery to run:
      • Run a Configuration item (CI) discovery to find the devices, computers, and applications on your network. This is the most common type of discovery. Run CI discovery from the Discovery Schedule, where you to set up a recurring schedule or run a discovery on demand. The Discovery Schedule also provides configuration options for MID Servers and the Shazzam port probe.
      • Run a Network Discovery to find the internal IP networks within your organization. If you already know the IP address ranges in your network, it is not necessary to run Network Discovery. It is intended for organizations that do not have complete knowledge of the IP addresses available for Discovery in their networks.
      • Run a Serverless Discovery to find applications on host machines without the need to discover the host first. Serverless Discovery relies on infrastructure patterns to explore CIs on a host. This kind of discovery skips the scanning and classification phases of discovery. You need an advanced knowledge of patterns to use this type of discovery. Refer to Patterns and horizontal discovery to get started with patterns.
    3. After you run a discovery, monitor the results of the discovery and resolve errors if they occurred:
      • Use the Discovery status to see a summary of a Discovery and to access the ECC queue, which shows probe and sensor activity, as well as the actual XML payload that is sent to or from an instance.
      • Use the Discovery Admin Workspace to monitor ongoing Discovery operations.
      • Use the Discovery Home page to access details for all schedules, cloud resources (virtual machines), discovered devices, and related errors that might have occurred. Error details include possible remediation steps.