Agent Client Collector Spoke

  • Release version: Yokohama
  • Updated April 29, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Agent Client Collector Spoke

    The Agent Client Collector (ACC) spoke in ServiceNow automates command execution on agents or configuration items (CIs) where the ACC framework is installed. It sends output data to the ServiceNow instance via the MID Server, enabling centralized management and monitoring of remote systems.

    Show full answer Show less

    This spoke requires an Integration Hub subscription and depends on several plugins, including the Agent Client Collector Framework v2.2.0 and IntegrationHub components. Proper licensing is necessary for some dependent features.

    Key Features

    • Command Execution: Run commands and Osquery on agent hosts securely through the MID Server.
    • Agent Management: Actions to get agent status, restart agents, and install the ACC framework on Linux or Windows hosts.
    • System Information Retrieval: Collect data such as logged-on users, network statistics, running processes, running Windows services, and detailed hardware/software system information.
    • Sample Subflows: Prebuilt automation samples include compliance management for remote workers, agent restarts based on status, cyberattack detection alerts, and agent installation on multiple hosts.
    • Security Configuration: Requires setting ACCALLOWLIST to 0 (Linux) or False (Windows) to enable command execution.
    • IP Range Configuration: Installing agents via spoke actions requires specifying allowed CIDR ranges for IP addresses.
    • MID Server Requirements: A MID Server configured with PowerShell is necessary to execute spoke actions remotely.

    Key Outcomes

    • Streamlined automation of system management and monitoring tasks across distributed agent hosts.
    • Improved compliance and security posture through predefined workflows and cyberattack detection integrations.
    • Centralized control over agent lifecycle operations such as installation, status checking, and restarts.
    • Enhanced visibility into system state and user activity on remote hosts, aiding IT operations and incident response.

    Automate the process of executing commands on agents or configuration items (CI) using the ServiceNow Agent Client Collector spoke. Agent Client Collector framework allows you to execute commands on the systems where it is installed and sends output data to the ServiceNow® instance through the MID Server.

    Request apps on the Store

    Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Integration Hub subscription

    This spoke requires an Integration Hub subscription. For more information, see Legal schedules - IntegrationHub overview.

    Spoke version

    Agent Client Collector spoke v1.2.0 is the latest version.

    Supported versions

    This spoke was built for Agent Client Collector framework v2.2.0, but may be compatible with later versions.

    Spoke dependencies

    If you’re having trouble installing the app, ensure that these dependent plugins are installed:
    • ServiceNow IntegrationHub Runtime (com.glide.hub.integration.runtime)
    • ServiceNow IntegrationHub Action Step - REST (com.glide.hub.action_step.rest)
    • Complex Object (com.glide.cobject)
    • ServiceNow Flow Designer - Dynamic Inputs (com.glide.hub.dynamic_inputs)
    • ITOM Visibility License (com.snc.itom.vis.license)
    • Agent Client Collector Framework v2.2.0 (sn_agent)
      Note:
      To enable Agent Client Collector to execute commands, ensure that ACC_ALLOW_LIST=0 for Linux environments or ACC_ALLOW_LIST=False for Windows environments.
    Note:
    Some of these plugins are licensable features and require appropriate licenses, if used outside the spoke implementation.

    Spoke requirements

    MID Server. For more information, see MID Server.

    Spoke subflows

    The Agent Client Collector spoke provides sample subflows to demonstrate automating Agent Client Collector framework tasks. To customize a sample subflow, copy it to a new application scope. Available sample subflows include:

    Subflow Description
    Managing Compliance for Remote Workers Manages compliance for remote workers and sends an email to the system administrator when one or more specified compliance conditions are violated.
    Restart Agent Verifies the status of an agent and restarts the agent if the status is down.
    SNH CyberAttack Detection Applies SigHealth CyberAttack Detection for Windows server and send an email to the system administrator when a threat is detected.
    Install Agent on Linux Installs Agent Client Collector on a Linux hosts.
    Install Agent on Windows Installs Agent Client Collector framework on multiple windows hosts.

    Spoke actions

    The Agent Client Collector spoke provides actions to automate Agent Client Collector tasks when events occurs in your ServiceNow instance. Available actions include:

    Action Description
    Get Agent Status Get the status of an agent.
    Get Logged on Users Retrieves the list of all logged-in users and the related metadata for the specified host system.
    Get Network Statistics Retrieves the list of all network interfaces and the related metadata for the specified host system.
    Get Running Processes Retrieves the list of all running processes and the related metadata for the specified host system.
    Get Running Services Retrieves the list of all running services in Windows OS and the related data for the specified host system.
    Get System Details Retrieves the hardware and software details of the specified agent.
    Restart Agent Restarts an agent.
    Run Command on Agent Runs a command on a given agent host.
    Note:
    Use caution while executing commands.
    Run Osquery on Agent Runs the specified Osquery on the specified agent host.
    Install Agent on Linux Installs Agent Client Collector framework on a Linux host.
    Install Agent on Windows Installs Agent Client Collector framework on windows host.
    Note:
    To use the Install Agent on Linux and Install Agent on Windows spoke actions, navigate to Agent Client Collector Spoke > CIDR Ranges, create a record to specify the required IP address or range of IP addresses.

    For information about setting up the spoke, see Set up the Agent Client Collector spoke.

    MID Server requirements

    To use these actions, your instance must have a MID Server set up and configured to use PowerShell. For more information about running actions on the MID Server, see Integration steps. For more information about the MID Server, see MID Server.

    To set up the MID Server for this spoke, see Set up MID Server for a spoke.