Agent Client Collector for Visibility - Content default checks and policies

  • Release version: Australia
  • Updated March 12, 2026
  • 6 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Agent Client Collector for Visibility - Content default checks and policies

    Agent Client Collector for Visibility - Content (ACC-VC) offers a suite of predefined checks and policies designed to collect detailed endpoint and software data across managed devices. These policies typically run once daily and enable comprehensive discovery and monitoring of installed software, running processes, file inventories, and SaaS application usage on devices such as Windows, macOS, and Linux endpoints.

    Show full answer Show less

    Key Features

    • Enhanced Discovery: Scheduled by default every 24 hours (customizable), this policy syncs configuration to agents and collects system and process data, requiring certain Linux sudo permissions for full data capture.
    • SAM Discovery Policies: Capture software installation details and usage metrics on Windows and macOS devices, including a background job that processes Osqueryd logs for Software Asset Management (SAM).
    • Installed Software Policy: Collects software installation data on non-Windows endpoints, storing results in a dedicated CMDB table.
    • File-Based Discovery (FBD): Supports file scanning based on configuration files and customer-defined rules, including software file identification using allowlists, SWID tag scanning on multiple platforms, and customizable file extension and name matching rules. Administrators can activate and configure FBD in the Discovery Definition Configuration Console.
    • Web and Browser Metrics: Policies to collect SaaS application metrics, initialize browser extensions for user and device tracking, and gather web usage data on Windows and macOS devices. Web usage monitoring can be enabled via system properties.
    • Check Types: Includes Enhanced Discovery, SAM Advanced Discovery, and Installed Software checks, each invoking specific handler scripts to process collected data from endpoints.
    • Business Rule: An automated trigger that initiates Endpoint Discovery checks when a related Configuration Item (CI) is deleted, ensuring data consistency.

    Practical Considerations for ServiceNow Customers

    • Policies run daily by default but can be adjusted to meet organizational needs, balancing data freshness and system resource usage.
    • Enabling File-Based Discovery requires toggling the feature in the Discovery Definition Configuration Console and configuring related file matching and extension rules for tailored file inventory management.
    • Linux endpoints require specific sudo permissions to allow ACC-VC to collect detailed hardware and process information without conflicts.
    • Web usage and SaaS application monitoring features are disabled by default and must be explicitly activated via system properties to begin data collection.
    • Background aggregation jobs for SAM logs may temporarily increase resource consumption; plan accordingly to avoid performance impacts.

    Expected Outcomes

    By implementing ACC-VC default checks and policies, ServiceNow customers gain automated, regularly scheduled collection of detailed endpoint and software data. This enables enhanced visibility into installed applications, running processes, file inventories, SaaS usage, and web activity, all feeding into accurate Configuration Management Database (CMDB) records and supporting software asset management efforts. The solution facilitates improved discovery accuracy, inventory management, and operational insights across diverse endpoint environments.

    Agent Client Collector for Visibility - Content (ACC-VC) provides various checks and policies as well as a business rule.

    Policies

    Note:
    ACC-VC policies execute at a frequency of once per day. The total data ingested would be approximately 572KB. This takes into consideration an average of approximately 1500 installed software applications and approximately 500 running processes other than CI data per machine.
    Table 1. ACC-VC policies
    Name Description Checks definitions
    Enhanced Discovery Runs on a schedule, by default every 24 hours (86400 seconds). The policy interval can be adjusted, for example to run every 4 hours (set the interval to 14400). The ACC-VC policy configuration is synced to all agents based on the policy filter defined by ACC-VC. Update the following ACC-F system properties, if needed:
    • sn_agent.disco_minimum_threshold_for_rediscovery_minutes: to avoid discovering the system too frequently.
    • sn_agent.disco_disable_ci_clobber_of_agentless_disco: to avoid Discovery conflicts.
    • sn_agent.disco_ci_clobber_of_agentless_disco_threshold_days: to avoid Discovery conflicts.
    		 Enhanced Discovery
    SAM Discovery Responsible for capturing the software installed on any endpoint device, such as Windows desktops or macOS servers. Software installations and usage metrics
    SAM background Enables a background job for processing the Osqueryd logs for SAM on Windows and macOS endpoint devices. SAM background log check
    SAM background (Non OsqueryD) Enables a background job to collect SAM information using osqueryi instead of osqueryd. SAM Background Policy (Non OsqueryD)
    Software installed Responsible for capturing the software installed on all devices except for Windows endpoint devices. The data collected is stored in the [cmdb_sam_sw_install] table. Scheduled to run every 24 hours. installed software
    File-based Discovery background policy Takes the config file as input from the instance to an agent. Scans the system using config file parameters and stores the output in two separate files on the agent.
    • FBDSAMOutput.json: Stores metadata related to the set of file names generated from the samp_file_name table.
    • FBDFileOutput.json: Stores metadata related to files scanned by a wildcard extension.

    Runs on the agent when file-based discovery is invoked. For details, see Agent Client Collector File-Based Discovery.

    Default: false. To activate, navigate to All > Discovery Definition > Configuration Console and in the File Based Discovery section, activate the Enable File Based Discovery toggle switch.

    		 File-based discovery background
    File-based Discovery - SAM Discovers known software files on the endpoint. Uses an allowlist of recognized software filenames maintained by ServiceNow. When a file on disk matches an allowlist entry, FBD uses the FileBasedDiscovery API to identify the collected software metadata (file name, path, size, and version), identifies the software package it belongs to and records the installation on the instance. Unrecognized files are tracked in the unidentified file records table (cmdb_unidentified_file_set). Runs daily.

    Default: false. To activate, navigate to All > Discovery Definition > Configuration Console and in the File Based Discovery section, activate the Enable File Based Discovery toggle switch.

    		 File-based discovery - SAM
    File-based Discovery - SWID tag Enables SWID tag scanning on a Windows, Linux or macOS platform. When enabled, the scanner looks for .swid, .swidtag, and .cmptag files in the configured scan directories. Stores results in the following tables:
    • cmdb_swid_tag: Parsed SWID tag records
    • cmdb_file_information: Individual file records
    • cmdb_sam_sw_install: Individual software records

    Default: false. To activate, navigate to All > Discovery Definition > Configuration Console and in the File Based Discovery section, activate the Enable File Based Discovery toggle switch.
    File-based Discovery - File management Discovers files based on customer-defined rules. Administrators configure which file extensions to look for and define filename matching rules such as exact match, starts with, ends with, or contains. This policy builds a device-level file inventory based on the organization's specific needs. Results are stored in the sn_acc_vis_content_device_file_information table.

    Configure rules in the File Matching rules (sn_acc_vis_contet_file_config) and File extensions (sn_acc_vis_content_file_extension) properties. For details on these properties, see Agent Client Collector File-Based Discovery properties.

    File Management supports delta scanning; after the initial full scan, only added, modified, and deleted files are sent on subsequent runs. For details on delta scanning, see Agent Client Collector File-Based Discovery.

    Default: false. To activate, navigate to All > Discovery Definition > Configuration Console and in the File Based Discovery section, activate the Enable File Based Discovery toggle switch.

    		 File-based discovery - File management
    VISC Get application metric Retrieves the SaaS application metrics from the agents.

    For details on enabling SaaS usage monitoring with ACC-VC, see the SaaS Usage Monitoring with Agent Client Collector [KB2320193] article in the Now Support Knowledge Base.

    		 VISC Get application metric
    VISC Get browser extension device init Initializes the DEX browser extension with the host sysID. VISC Get browser extension device init
    VISC Get browser extension init Initializes the DEX browser extension with logged-in users. VISC Get browser extension init
    VISC Get URL metrics Controls the collection of web usage data from Windows and macOS managed devices. Runs daily.

    Default: Inactive. To activate the policy, set the sn_acc_vis_content.enable_full_monitoring property to true.

    For details on web usage data system properties, see Web usage data collection tables and fields.

    		 VISC Get URL metrics
    Note:
    Windows endpoint devices include devices that have a Windows operating system and belong to CI class: computer.

    See System properties for more details. For more details on policies, see Checks and policies.

    Check type

    ACC-VC has the following check types: Enhanced Discovery, SAM Advanced Discovery, and Installed Software.
    Enhanced Discovery
    This check type is responsible for invoking the EnhancedDiscoveryHandler script include that processes the payload produced by endpoint_discovery.rb as executed by ACC.

    Used by File-base Discovery.

    SAM Advanced Discovery
    This check type is for the SAM Discovery policy that invokes the EnhancedDiscoveryHandler script include for processing the SAM data produced by the sam_advanced.rb file.
    Installed Software
    This check type for the Software installed policy that invokes the EnhancedDiscoveryHandler script include for processing the installed software data produced by the installed_software.rb file.

    Check definitions

    Table 2. ACC-VC check definitions
    Name Description
    Enhanced Discovery Synced to all agents based on the policy filter defined by ACC-VC. The Check definition is configured to run with certain assets and determines what gets synced between the agent and the MID Server. For more details on policies, see Checks and policies.
    Note:
    For the agent to retrieve the OS serial numbers and TCP connections along with associated running processes, sudo access for “dmidecode” and “ss” is required on Linux systems. For example, this content could be added to /etc/sudoers or to an individual file in /etc/sudoers.d/: 
    Cmnd_Alias AGENT_ACC_V = /usr/sbin/dmidecode -s baseboard-serial-number,/usr/sbin/dmidecode -s chassis-serial-number,/usr/sbin/dmidecode -s system-serial-number,/usr/sbin/dmidecode -s system-uuid,/usr/sbin/ss -tanp
servicenow ALL=(root) NOPASSWD:AGENT_ACC_V
    SAM background log check Runs every 8 minutes and performs inline aggregation of data generated from Osqueryd logs. After collecting the data, it writes all the intermediate data results into a temporary marker file which is reused in the next run. This reuse limits the number of log files and disk space needed on target systems.
    Note:
    You may notice a spike in system resource consumption, as the background aggregation check runs every interval.
    Software installations and usage metrics Collects data every 24 hours.
    Installed software Fetches installed software data for all devices other than Windows and macOS endpoint devices.
    File-based discovery background Runs a file scanning background job on the agent.
    File-based discovery Fetches the file data from the agent.

    Business rule

    The Enhanced Discovery – On CI Delete business rule triggers the Endpoint Discovery Check when the CI associated with a given CI is deleted from sn_agent_cmdb_ci_agent.