Running discoveries in your network

  • Release version: Xanadu
  • Updated July 8, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Running discoveries in your network

    This topic guides ServiceNow customers on how to run Discovery processes within their networks to identify configuration items (CIs), define subnets, and locate resources across AWS and Azure clouds. It emphasizes preparing and configuring MID Servers and Discovery settings to ensure effective and secure scanning.

    Show full answer Show less

    MID Server Configuration Prerequisites

    • Supported applications: Define which applications are permitted to use the MID Server, with an option to allow all applications.
    • IP ranges: Specify the IP address ranges the MID Server can scan. Ensure that these ranges align with the Discovery schedule IP ranges, limiting them to addresses you control for security.
    • Capabilities: Assign capabilities that the MID Server supports, or allow all capabilities as needed.

    Discovery Configuration Prerequisites

    • Credentials: Configure login credentials on MID Servers so they can authenticate devices during discovery. The MID Server attempts all credentials and establishes affinity with successful ones.
    • Classifications: Use default device and process classifications or create new ones to cover unique devices, processes, or applications not included in the base platform.

    Running Discoveries

    Use the Discovery Configuration Console to set up discovery parameters, including device and application types to scan. Excluding certain CIs disables the related probes or classifiers.

    Choose the appropriate discovery type based on your needs:

    • CI Discovery: The most common discovery to identify devices, computers, and applications. Run via Discovery Schedule for recurring or on-demand scans, with configuration options for MID Servers and port probes.
    • Network Discovery: Discovers internal IP networks when IP ranges are not fully known, helping organizations map their available network addresses.
    • Serverless Discovery: Discovers applications on hosts without discovering the host first, relying on advanced infrastructure patterns and skipping scanning/classification phases. Requires advanced pattern knowledge.

    Monitoring and Error Resolution

    • Use the Discovery status to view summaries and detailed ECC queue activity, including probe and sensor data and XML payloads.
    • The Discovery Admin Workspace provides ongoing monitoring of Discovery operations.
    • The Discovery Home page offers access to schedule details, discovered cloud resources, devices, and error reports with remediation guidance.

    You can run discoveries from schedules or scripts to create configuration items, define subnets, or to find resources in AWS and Azure clouds.

    MID Server configuration prerequisites

    Ensure that your MID Servers are properly configured prior to creating a Discovery schedule.
    • Supported applications: Select the applications that are allowed to use the MID Server. You can use the ALL application option to allow any application to use the MID Server.
    • IP ranges: Define the ranges of IP address the MID Server can scan. To find a MID Server match, the IP range you configure on the Discovery schedule must fall into the ranges that one or more MID Servers can support.
      Note:
      To improve security, limit the range to IP address you control and exclude unnecessary ranges.
    • Capabilities: Create the capabilities that the MID Server supports. You can use the ALL capability option to allow any application to use the MID Server.

    Discovery configuration prerequisites

    Ensure that your MID Servers can authenticate on the devices they find and classify configuration items (CI) properly.
    • Credentials: Configure the MID Servers with the login credentials they need to query the devices in the network. The MID Server tries all available credentials on each discovered device, then creates an affinity for any successful credentials. For more information, see Credential affinity for Discovery and Orchestration.
    • Classifications: The device and process classifications provided in the base platform are normally sufficient. Create classifications as needed for the devices, processes, and applications in the network not covered by the default classifiers.

    Get started running a discovery

    1. Use the Discovery Configuration Console to get started with Discovery. The console provides configuration options which let you choose the types of devices, applications, software files, and software CIs you want Discovery to find. If you select a CI to exclude from scanning, the instance disables the related probe or classifier that Discovery uses to identify the CI. See Discovery Configuration Console to get started.
    2. Determine what type of discovery to run:
      • Run a Configuration item (CI) discovery to find the devices, computers, and applications on your network. This is the most common type of discovery. Run CI discovery from the Discovery Schedule, where you to set up a recurring schedule or run a discovery on demand. The Discovery Schedule also provides configuration options for MID Servers and the Shazzam port probe.
      • Run a Network Discovery to find the internal IP networks within your organization. If you already know the IP address ranges in your network, it is not necessary to run Network Discovery. It is intended for organizations that do not have complete knowledge of the IP addresses available for Discovery in their networks.
      • Run a Serverless Discovery to find applications on host machines without the need to discover the host first. Serverless Discovery relies on infrastructure patterns to explore CIs on a host. This kind of discovery skips the scanning and classification phases of discovery. You need an advanced knowledge of patterns to use this type of discovery. Refer to Patterns and horizontal discovery to get started with patterns.
    3. After you run a discovery, monitor the results of the discovery and resolve errors if they occurred:
      • Use the Discovery status to see a summary of a Discovery and to access the ECC queue, which shows probe and sensor activity, as well as the actual XML payload that is sent to or from an instance.
      • Use the Discovery Admin Workspace to monitor ongoing Discovery operations.
      • Use the Discovery Home page to access details for all schedules, cloud resources (virtual machines), discovered devices, and related errors that might have occurred. Error details include possible remediation steps.