Using push-based Discovery and SAM together

  • Release version: Yokohama
  • Updated January 30, 2025
  • 6 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Using push-based Discovery and SAM together

    This content explains how ServiceNow customers can leverage the Agent Client Collector for Visibility (ACC-VC) alongside Software Asset Management (SAM) to optimize software data collection using push-based Discovery. It covers how ACC-VC collects installed software data, supports SAM basic metering and total usage metrics, and integrates software usage information into the ServiceNow platform for improved software lifecycle management.

    Show full answer Show less

    Key Features

    • Integration with SAM: ACC-VC collects last accessed times and software usage data, populating the Software Update [sampswusage] table when the SAM plugin is enabled.
    • SAM Basic Metering: Supported starting ACC-VC version 2.2.0 for Windows and macOS, it tracks last usage of software by querying the UserAssist registry key on Windows. Requires specific registry permissions for the servicenow user to read this data.
    • SAM Total Usage Metrics: From ACC-VC version 3.3.0, supports measuring total usage time and count of applications with enabled software reclamation rules. It requires manual deployment of the osqueryd daemon on target systems to run scheduled queries and log usage data.
    • Domain Separation: Software usage records are domain separated based on the MID Server domain, enabling accurate user mapping in complex environments.
    • Software Edition Information: Supported from ACC-VC 2.3.0 for Adobe Acrobat and MS SQL Server, providing visibility into software editions using osquery commands.
    • Non-Osqueryd Data Collection Option: To improve efficiency, data collection can be performed without deploying osqueryd by enabling a system property, applicable for agents version 4.1.0 or later.

    Configuration and Requirements

    • Enable the SAM plugin (com.snc.samp) and set system property snaccviscontent.persistsamusagemetrics to true to activate SAM metering features.
    • For Windows SAM basic metering, configure registry keys StartTrackProgs and StartTrackProgsBase under HKEYCURRENTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced with hexadecimal value 1 to enable tracking.
    • Grant READ permission for the servicenow user to the UserAssist registry key for each user to allow reading last accessed times.
    • Deploy and configure the osqueryd daemon service on Windows/macOS for total usage metrics, including necessary config files and flags. A PowerShell script example for Windows installation and configuration is provided.
    • Use system properties like snaccviscontent.columnnameforusermapping to specify domain-qualified usernames for user mapping in domain-separated environments.
    • For software reclamation rules, control whether to disable rules for licensable software using snaccviscontent.disablesamreclamationrulesforlicensablesoftwares property.

    Key Outcomes

    • Accurate and efficient collection of software usage data, including last accessed time and total usage metrics, aiding software license compliance and optimization.
    • Improved software reclamation processes through integration with usage data, enabling better license management.
    • Visibility into software editions for selected products, helping SAM administrators understand software deployments in greater detail.
    • Flexibility to choose between osqueryd-based or non-osqueryd data collection methods depending on environment and agent versions.
    • Domain-aware software usage reporting supports organizations with multiple user directories and complex domain structures.

    Additional Considerations

    • When discovering MSSQL components, run Discovery as a local system user.
    • Use the same discovery source "ServiceNow" for both push-based and horizontal IP-based Discovery to avoid duplicate software installation records.
    • Ensure proper OS permissions for the servicenow user or equivalent system accounts depending on the platform.
    • Refer to the Knowledge Base article KB1642676 for detailed SAM metering setup with ACC-VC, and the support KB0721360 for software edition information specifics.

    Agent Client Collector for Visibility - Content (ACC-VC) collects installed software data for use cases for Software Asset Management (SAM), when the SAM plugin is installed. Using push-based Discovery and SAM together can help optimize software data collection with SAM basic metering and SAM total usage metrics.

    ACC-VC can capture the last accessed time for the software or applications that are installed on the target via push-based Discovery. This information along with the target CI reference, is added to the Software Update [samp_sw_usage] table.

    Starting in ACC-VC version 2.2.0, SAM Basic metering is supported for Windows and macOS.

    Starting in ACC-VC version 3.3.0, SAM total usage metrics is supported for Windows and macOS.

    The software usage records are domain separated. The records are populated with the domain of the MID Server that is used for the agent-based Discovery for the target.

    Note:
    For software installations (cmdb_sam_sw_install), to avoid insertion of duplicate records, the same discovery source "ServiceNow" is being used for both push-based Discovery and horizontal IP-based Discovery.

    When using ACC-VC to discover MSSQL components, run Discovery as a local system user.

    Requirements

    SAM basic metering and SAM total usage metrics
    For SAM basic metering and SAM total usage metrics, the non-privileged servicenow user (which the agent service logs on as) must be configured with READ only access in the registry. This access allows for successful execution of the OSQuery against the UserAssist table to be successful. Go to regedit and allow the servicenow user to read UserAssist for a user account on the device (for example: HKEY_USERS\SID...\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist for every user in HKEY_USERS).
    Note:
    The UserAssist key does not inherit permissions from the HKEY_USERS\SID... parent key. Therefore, you must navigate to the UserAssist key and add permission directly on the key.
    To apply SAM basic metering or SAM total usage metrics, you need the following:
    • SAM plugin (com.snc.samp) enabled
    • System property [sn_acc_vis_content.persist_sam_usage_metrics] set to true. See System properties for more details.

    For details on SAM metering setup with the Agent Client Collector, see the Knowledge Base article KB1642676.

    Software edition information
    To retrieve software edition information, you need the SAM plugin (com.snc.samp) enabled.

    SAM basic metering

    Note:
    There is a configuration in the Windows operating system level that does not allow the correct detection of the data. Update the configuration so that the data can successfully be collected by the ACC-VC agent and brought to the ServiceNow platform correctly. In the Registry Editor, create the following keys in the path: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced.
    • Name: Start_TrackProgs
      • Base: Hexadecimal
      • Value:1
    • Name: Start_TrackProgsBase
      • Base: Hexadecimal
      • Value:1
    Figure 1. SAM basic metering flowchart

    For the list of software in the payload, query the Software Discovery Model [cmdb_sam_sw_discovery_model] table to fetch the corresponding product and publisher. Once the product is fetched, check if the reclamation rule is enabled for that product to persist the last usage information in the Software Usage [samp_sw_usage] table. See the flowchart for details.

    Describes the flow how SAM works with ACC-VC for basic metering
    Note:
    In the target, query the last accessed time from the UserAssist table via the OSQuery by taking the application or software name as the input to the Query.
    Use the sn_acc_vis_content.disable_sam_reclamation_rules_for_licensable_softwares property to define reclamation rules for licensable software, as follows:
    • True: Disable invoking reclamation rules for licensable software. SAM usage continues for all licensable software and for non-licensable software with defined reclamation rules.
    • False: Store SAM usage according to defined reclamation rules.
    Common applications supported include:
    • WinZip
    • Google Chrome
    • Sublime Text
    • Notepad++
    • Autodesk
    • Microsoft Office 365
    • Tableau

    SAM total usage metrics

    SAM total usage metrics allows you to measure total usage time and total usage count on any application that has a software reclamation rule enabled.

    Osquery provides a daemon executable which can run as a service, called Osqueryd. Osqueryd needs to be manually deployed for SAM total usage metrics to work properly. Each Osqueryd deployment requires the osquery.conf file, optional external packs, and initialization flags (configured in osquery.flags file) provided when starting the service. In return, the daemon service runs scheduled queries on the host and logs it into a local file system.

    Note:
    Osquery supports filesystem-based logging by default. This configuration is provided in the osquery.conf file on any fresh Osquery installation.

    Domain information can be collected during the data collection. This can help large organizations with multiple employee directories map software to the correct user. Currently, this is supported for Windows only. To map the software usage/assigned_to with the correct user in a domain separated environment, use the system property [sn_acc_vis_content.column_name_for_user_mapping] with a valid field name. By default, the value of this system property is empty which means it only validates the username and not the domain. You can use either of the following formats to validate username and domain: username@domain or domain\username.

    Figure 2. SAM total usage metrics flowchart

    Using the list of processes, you can perform SAM normalization to map the processes for the relevant installed software records. This provides flexibility since installed software names and processes are not usually the same. For the list of processes in the payload, query the Software Discovery Model [cmdb_sam_sw_discovery_model] table and Software Product [samp_sw_product] table to fetch the corresponding product and publisher. Once the product is fetched, check if the reclamation rule is enabled for that product to persist the total usage time in the Software Usage [samp_sw_usage] table. See the flowchart for details.

    Describes the flow how SAM works with ACC-VC for total usage metering
    install and configure Osqueryd for Windows using the following script. 
    # Install latest osquery

$msi = "osquery-5.7.0.msi"
$url = "https://pkg.osquery.io/windows/$msi"
$dst = "$PSScriptRoot\$msi"
Invoke-WebRequest -Uri $url -OutFile $dst
# msiexec /i "$dst" /quiet /qn /norestart
Start-Process msiexec.exe -Wait "/i $dst /quiet /qn /norestart"

# Configure osqueryd service

$flags = "--logger_rotate=true
--logger_rotate_size=26214400
--logger_rotate_max_files=1
--watchdog_level=-1
--config_path=C:\Program Files\osquery\osquery-sam.conf"
Set-Content -Path 'C:\Program Files\osquery\osquery.flags.default' -Value "$flags"

$conf = @'
{
  "options": {
    "config_plugin": "filesystem",
    "logger_plugin": "filesystem",
    "utc": "true"
  },
  "schedule": {
    "sam_process_info": {
      "query": "SELECT name, pid, elapsed_time, start_time, user_time, system_time, username FROM processes p JOIN users u ON u.uid = p.uid WHERE p.elapsed_time != -1 AND u.type != 'special';",
      "snapshot" : true,
      "interval": 300
    },
    "system_info": {
      "query": "SELECT hostname, cpu_brand, physical_memory FROM system_info;",
      "interval": 3600
    }
  },
  "decorators": {
    "load": [
      "SELECT uuid AS host_uuid FROM system_info;",
      "SELECT user AS username FROM logged_in_users ORDER BY time DESC LIMIT 1;"
    ]
  },
  "packs": {
  }
}
'@
Set-Content -Path 'C:\Program Files\osquery\osquery-sam.conf' -Value "$conf"

cd 'C:\Program Files\osquery'
.\manage-osqueryd.ps1 -uninstall
.\manage-osqueryd.ps1 -install
Restart-Service osqueryd

    For details on Windows and macOS see Configure Osqueryd schedule for SAM total usage metrics and Configure Osqueryd logs for SAM total usage metrics.

    Collecting SAM metrics without osqueryd

    Optionally, you can enhance efficiency by using non-osqueryd data collection when using push-based Discovery and Software Asset Management (SAM) together. When non-osqueryd data collection is invoked, data collection is automatically performed on all available agents, instead of invoking osqueryd on each agent individually.

    To perform non-osqueryd data collection:
    1. Ensure that the following permissions are configured for the relevant OS:
      • Windows: Either NT AUTHORITY\SYSTEM or admin
      • Linux and macOS: root
    2. On the System Properties page (All > System properties > All properties), set the sn_acc_vis_content.enable_sam_collection_without_osqueryd property to true.
      Note:
      Enable this property only when all agents are version 4.1.0 or later.

    Collecting SAM metrics without osqueryd

    Optionally, you can enhance efficiency by using non-osqueryd data collection when using push-based Discovery and Software Asset Management (SAM) together. When non-osqueryd data collection is invoked, data collection is automatically performed on all available agents, instead of invoking osqueryd on each agent individually.

    To perform non-osqueryd data collection:
    1. Ensure that the following permissions are configured for the relevant OS:
      • Windows: Either NT AUTHORITY\SYSTEM or admin
      • Linux and macOS: root
    2. On the System Properties page (All > System properties > All properties), set the sn_acc_vis_content.enable_sam_collection_without_osqueryd property to true.
      Note:
      Enable this property only when all agents are version 4.1.0 or later.

    Software edition information

    Starting in ACC-VC version 2.3.0, edition information is supported for Adobe Acrobat and MS SQL server. With this feature, SAM admins can get clear visibility into the editions of their installed software. Osquery commands are used to fetch the edition information which then shows in the Software Installation [cmdb_sam_sw_install] table in the Edition Override column. For more details, see the support KB: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0721360