File Signature Normalization

  • Release version: Xanadu
  • Updated August 1, 2024
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of File Signature Normalization

    File Signature Normalization enhances software identification by processing files discovered on UNIX or Windows servers using specific rules. It is a critical component for ServiceNow customers using Software Asset Management - Professional (SAMP) to monitor file types for security or software license management. This functionality works in conjunction with the File-Based Discovery plugin and requires activation through a request.

    Show full answer Show less

    How It Works

    The process uses file attributes such as name, size, and version to match file signatures against the Content Data Service (CDS). When a match is found, normalized software installation records are created and updated regularly during Discovery jobs executed via the MID Server. Unmatched files generate unidentified file set records, which administrators with the samadmin role can manually normalize by creating custom signature rules. These custom rules can be optionally shared back to the CDS for broader use or restricted as needed.

    File Signature Normalization also detects duplicate software installations discovered from different sources on the same configuration item, marking duplicates inactive until resolved. It updates software install attributes to reflect CDS changes, helping maintain accurate software inventory.

    Key Features

    • Integration with File-Based Discovery: Requires the File Signature Normalization plugin and optionally the File-Based Discovery plugin for filtering file signatures.
    • Custom Signature Rules: Allows creation and management of custom file signature rules for unidentified files, supporting continual improvement of discovery accuracy.
    • Duplicate Detection: Identifies and manages duplicate software installation records to maintain clean and accurate data.
    • Content Data Service Synchronization: Updates installation records based on the latest CDS software product and publisher information.

    Roles and Permissions

    The plugin introduces the filenormalizationadmin role, which grants access to file attribute data and unidentified file information. This role is necessary for managing and supporting third-party software discovery sources.

    Relevant Tables

    Several tables support the functionality:

    • sampfileset: Maps file sets to software products.
    • sampfilemap: Contains hash records for each discovered file.
    • sampfilename: Stores file names used for discovery searches.
    • sampcustomfilename: Holds user-entered file names for discovery.
    • cmdbunidentifiedfileset: Stores custom rules for files not matched in CDS.

    Important Considerations

    • Scheduled discovery jobs run during specific times to avoid performance degradation; altering these schedules may impact system stability.
    • File Signature Normalization models differ from pattern discovery models and do not undergo automatic normalization during scheduled jobs.

    File-based discovery finds files on UNIX or Windows servers and processes them with an established set of rules that enhance the identification of installed software. Use the results to monitor specific file types on network servers for security purposes or to manage your software licenses with the File Signature Normalization plugin for Software Asset Management - Professional (SAMP).

    For more information on the file-based discovery, see the File-based Discovery.
    Note:
    The information provided in this page only covers the features available with the File Signature Normalization (com.snc.file_signature_normalization) plugin.

    Required plugins

    The File Signature Normalization plugin is required to allow file information to be mapped to installed software. To enable this plugin, Request Software Asset Management.

    You can also enable file-based discovery with the File-Based Discovery (com.snc.discovery.file_based_discovery) plugin to filter file signatures. This plugin is included with a Discovery subscription, but you must request plugin activation. Normalization of products and publishers is available for file-based discovery with or without Software Asset Management.

    How File Signature Normalization works

    File Signature Normalization uses discovered files and their attributes, such as file name, file sizes, and version, to find a signature match in the Content Data Service (CDS). Then, File Signature Normalization creates a normalized software installation record.

    During regularly scheduled Discovery jobs, the file information is discovered at all the specified end points in a user environment and sent to the MID Server. The information from the MID Server is then sent back to the ServiceNow instance. Information is matched against the content library and the software installation records are created.

    If a discovered file name does not match a predefined file signature rule in the CDS, an unidentified file set record is created in the unidentified file set [cmdb_unidentified_file_set] table. Users with the sam_admin role can create a custom file signature rule for the unidentified file set to normalize data manually.

    If you opt in to the content service, these custom file signatures are sent back to the CDS for further analysis and inclusion in the content service for future discovery. You can also restrict some custom file signatures from being sent to the CDS by changing the value in the Exclude From CDS column to True.

    Note:
    Software discovery models are stored in the Software Discovery Model [cmdb_sam_sw_discovery_model] table. Unlike pattern discovery normalization, discovery models created by File Signature Normalization do not go through the normalization process automatically and are ignored during scheduled normalization jobs.

    File Signature Normalization also identifies duplicates. Software installations that are discovered on the same configuration item, but from different discovery sources, are considered duplicates. All installations that are identified are marked as inactive by default. Once the duplication has been deleted, the remaining installation is marked as active and the discovery model picks up all associated installs.

    Note:
    By default, scheduled jobs are performed during specific times so they do not run heavy loads that could cause performance or stability issues. If these scheduled job times are changed, performance issues could occur.

    Any software installs discovered during File-based discovery are updated to reflect any CDS changes in the software install attributes such as product or publisher name change. Stage product and Stage publisher are new columns in the File Set [samp_file_set] table.

    File Signature Normalization roles

    File Signature Normalization adds the following role.

    Roles Description
    file_normalization_admin Users with this role can access file attribute and unidentified file information. Required to ensure that file signature normalization supports third-party software installation discovery sources.

    Tables

    File Signature Normalization adds the following tables.

    Table Description
    samp_file_set File set that maps to a software product. Multiple samp_file_map records can point to one samp_file_set record.
    samp_file_map File map record for each file hash discovered by the end-user device. The file hash is created based on the discovered file and its attributes.
    samp_file_name File names that are used to search on end-user devices.
    samp_custom_file_name File names that entered by the user that can be discovered on end-user devices.
    cmdb_unidentified_file_set Custom rules that are created if a software match is not found for the discovered file in the CDS.