Exploring Instance Scan

  • Release version: Xanadu
  • Updated August 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Exploring Instance Scan

    Instance Scan is a tool designed for detecting anomalies and opportunities within your ServiceNow instance. It allows users to create checks and execute scans, focusing on security, performance, user experience, and best practices. Note that Instance Scan does not fully support domain separation, but findings are visually separated based on the source record's domain.

    Show full answer Show less

    Key Features

    • Checks: These are specific rules that identify issues or opportunities within your instance, applicable to tables, records, or metadata.
    • Results: The outcome of an Instance Scan provides status and type of the scan conducted.
    • Findings: These refer to records that have violated rules defined by checks.
    • Dashboard: A visual representation of the health of your instance, enabling management and analysis of scan results.
    • Quota Rule: Sets execution thresholds for scans to prevent long-running processes, with scans exceeding the threshold resulting in a failure.
    • Scan Types:
      • Full Scan: Executes all active checks across the entire instance.
      • Point Scan: Runs checks on a single record, update set, or application.
      • Test Scan: Verifies individual checks without running a full scan.
    • Roles: Users with the scanuser role can perform various scans and access findings and results.

    Key Outcomes

    By utilizing Instance Scan, ServiceNow customers can effectively identify and address vulnerabilities in their instances, leading to enhanced security, improved performance, and better overall manageability. The tool provides actionable insights through its dashboard and findings, ensuring that users can take informed steps towards optimizing their instances.

    If you are new to Instance Scan, read this overview to learn what the tool can do. Follow the tutorial to create checks and execute scans that uses most basics of Instance Scan features.

    Note:
    Instance Scan doesn't fully support domain separation. Findings are visibly domain separated based on the domain of the source record. For more information see Domain separation.

    Instance Scan record and components

    Checks
    Checks are singular focused rules that detect anomalies or opportunities in an instance. These checks can run against tables, records, or metadata. Checks are defined to identify security, upgrade best practices, manageability, user experience and performance vulnerabilities. See Getting started with checks for more information.
    Results
    An Instance Scan result reports the status and type of the scan. See Results for more information.
    Findings
    A finding is a reference to a record that has violated a rule from a check on the instance. See Findings for more information.
    Dashboard
    The Instance Scan dashboard is a system-wide visual representation of the health of your instance. The dashboard helps you manage and analyze the full scan results against your instance. See Instance Scan dashboard for more information.
    Quota rule
    A quota rule determines the execution threshold of a scan. The quota rule prevents the instance from running long scans. For example, any scan running longer than the threshold set by the quota rule will result in a failure. See Quota rules for more information.

    Scan types

    Instance Scan deals with the following types of scans.

    Full scan
    Execute a scan for the entire instance by selecting Execute Full Scan. Implementing a full scan runs all the active checks present in your instance.
    Point scan
    Execute all applicable checks against a single record, update set, or an application by selecting Run Point Scan. For example, if you execute a point scan against a business rule, only the checks that are applicable to the business rule table run, and only that single target record is scanned. If you execute an update set scan or an application scan, all records related to that update set or application are scanned. See Execute an app scan and Execute an update set scan for more information.
    Test scan
    Execute a test scan to verify if the check works as expected. The test scan enables you to test a single check instead of a full scan by selecting a single check and selecting Test Check on the Check form.

    Roles

    Instance Scan has the scan_user role that can run different types of scans and view the findings and results.