IT Discovery for OT Networks

  • Release version: Yokohama
  • Updated July 22, 2025

    You can run the IT Discovery for OT Networks function to discover IT class Operational Technology (OT) devices in designated Purdue levels in your Industrial Control System (ICS) networks. IT class items include switches, routers, and computers that exist both in data centers and in your factories.

    Where standard Discovery processing takes place

    The IT Discovery for OT Networks process operates in a manner that is similar to the standard Discovery processes.

    Figure 1. Targeted Purdue levels in standard and IT Discovery for OT Networks Discovery

    Standard Discovery processing in the ServiceNow AI Platform® normally takes place in the following Purdue levels in your enterprise:

    Table 1. Processed Purdue levels

    Purdue Level | Description
    ------------ | -----------
    4            | Site business and logistics, such as all Information Technology (IT) functions.
    5            | Enterprise Network, where Enterprise Resource Planning (ERP) functions take place.

    Where and how IT Discovery for OT Networks processing takes place

    In contrast, IT Discovery for OT Networks processing can take place in the following Purdue levels, depending on which you select when you create an OT discovery schedule:

    Table 2. Processed Purdue levels

    Purdue Level | Description
    ------------ | -----------
    3.5          | Demilitarized Zone (DMZ) or Industrial Demilitarized Zone (IDMZ). Similar to a traditional (IT) DMZ, the OT-oriented IDMZ enables you to securely connect networks with different security requirements.
    3            | Site operations where plant or site-wide control and monitoring functions reside.

    You typically run IT Discovery for OT Networks in the DMZ (or IDMZ, Purdue Level 3.5) of your ICS networks. This Purdue level is where there are usually IT and OT class computers and servers to discover and manage.

    Note: To avoid the possibility of disrupting your industrial operations, you should not run Discovery processes against Purdue levels 0 through 2 in your ICS networks.

    Figure 2. IT Discovery for OT Networks processing

    When you run an OT discovery schedule, it performs the following processing:

    1. Proceeds through the assigned IP addresses and discovers all hardware items that exist within them.
    2. When it completes discovery of a configuration item (CI), it internally triggers a discovery.device.complete event. The logic for this event checks whether an OT entity (cmdb_ot_entity) record exists for that CI in the Configuration Management Database (CMDB).
      • If one exists, and any related attributes have changed for the discovered item, it updates the OT Entities that are related to that CI.
      • If one does not exist, it creates one for it.
    3. In addition to the location attribute, it also pushes the defined attributes from the OT discovery schedule to the CI and to the related OT entity records.
    4. It also creates OT entity records for the applications installed on discovered OT devices. To view the applications that have OT entity records created through IT Discovery for OT Networks, navigate to the Industrial Workspace list view and open the Applications list under Operational Technology (OT).
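
    The note above about Purdue levels 0 through 2 can be enforced before any IP range is assigned to an OT discovery schedule. The following pre-flight check is an added example, not ServiceNow code: the subnet-to-level map, the function names and all addresses are constructed for illustration and would come from your own network documentation.

```python
import ipaddress

# Constructed site map (sample values): subnet -> Purdue level.
PURDUE_MAP = {
    "10.20.0.0/24": 0,
    "10.20.1.0/24": 1,
    "10.20.2.0/23": 2,
    "10.20.8.0/22": 3,
    "10.20.12.0/24": 3.5,
    "10.30.0.0/16": 4,
}
ALLOWED_LEVELS = {3, 3.5}     # levels the page lists for OT discovery schedules
FORBIDDEN_LEVELS = {0, 1, 2}  # levels the page says not to run Discovery against


def parse_range(spec):
    """Return the networks covered by a CIDR block or a 'first-last' range."""
    if "-" in spec:
        first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(spec.strip(), strict=False)]


def check_schedule(ranges, purdue_map=PURDUE_MAP):
    """Map each proposed range to ('ok' | 'blocked' | 'review', levels touched)."""
    zones = [(ipaddress.ip_network(n), lvl) for n, lvl in purdue_map.items()]
    report = {}
    for spec in ranges:
        nets = parse_range(spec)
        # Every Purdue level whose subnet shares at least one address with the range.
        hit = {lvl for net in nets for zone, lvl in zones if net.overlaps(zone)}
        # True only if the whole range lies inside documented subnets.
        covered = all(any(net.subnet_of(zone) for zone, _ in zones) for net in nets)
        if hit & FORBIDDEN_LEVELS:
            verdict = "blocked"   # touches level 0-2: never hand to Discovery
        elif hit and hit <= ALLOWED_LEVELS and covered:
            verdict = "ok"        # entirely inside level 3 / 3.5
        else:
            verdict = "review"    # other levels or undocumented address space
        report[spec] = (verdict, sorted(hit))
    return report


if __name__ == "__main__":
    proposed = ["10.20.12.0/24", "10.20.1.250-10.20.2.5", "10.20.12.0/23"]
    for spec, result in check_schedule(proposed).items():
        print(spec, result)
```

    A range that is only partly inside a documented level 3 or 3.5 subnet is returned as "review" rather than "ok", because the undocumented remainder could belong to a control network.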