Network Intrusion Detection System (NIDS) CI extension class
Summary of Network Intrusion Detection System (NIDS) CI extension class
The Network Intrusion Detection System (NIDS) CI extension class enhances the Configuration Management Database (CMDB) by modeling passive network monitoring appliances and their relationships with detected network devices. Managed by an NIDS Manager, this system creates "detects::detected by" relationships between NIDS sensors (parent CIs) and discovered devices (child CIs). This extension is part of the CMDB CI Class Models application, enabling Discovery and Service Mapping Patterns to leverage these class models during CI population and technology discovery.
Key Features
- New NIDS Class: The cmdb_ci_nids class extends the cmdb_ci_ids_network class and represents network intrusion detection systems that monitor all network traffic.
- Class Columns: The NIDS class includes specific attributes such as:
- NIDS source ID: Unique correlation identifier for each NIDS device.
- NIDS source name: The name of the NIDS device.
- Network type assignment: Specifies whether the device belongs to IT or OT networks.
- NIDS assignment site: Represents the ISA site assigned to the NIDS, visible to users with ISA Admin roles.
- Roles and Access Control: The cmdb_nids_admin role governs creation, reading, updating, and deletion of NIDS OT records and controls access to the NIDS application menu.
- Relationship Management: Using the ServiceNow Operational Technology Certified Service Graph Connector, CIs detected by NIDS are enriched with metadata including location, company, and user/group associations.
- OT Network Specific Handling: For devices on OT networks, an OT device CI is created and linked, with zone and site assignments set accordingly. If Industrial Process Manager is installed, site assignment is managed specifically.
- Life Cycle Stage Utilization: The life cycle stage and status indicate sensor learning mode, affecting validation success:
- Learning Mode status means validation is unsuccessful.
- In Use status means validation is successful.
What This Enables ServiceNow Customers To Do
By implementing the NIDS CI extension class, customers can accurately model network intrusion detection systems and their discovered devices within their CMDB. This facilitates enhanced visibility into network security appliances and their detected assets, supports automated discovery and service mapping, and integrates OT device management with enriched metadata and role-based access control. This leads to improved operational technology security oversight and comprehensive asset relationship tracking across IT and OT environments.
The Network Intrusion Detection System (NIDS) [cmdb_ci_nids] class builds the relationships between passive network monitoring appliances and the devices on the network that they discover. A NIDS Manager manages the NIDS sensors that detect the devices and builds "detects::detected by" relationships between the NIDS records (parent) and the CIs they discover (child).
The CMDB CI Class Models app adds class models that extend the CMDB class hierarchy, including class descriptions, identification rules, identifier entries, and, if applicable, dependent relationships. You can use the added classes just like any other CMDB class. Applications such as Discovery and Service Mapping Patterns can use the class extensions to populate CIs and discover technologies and software.
This topic lists the relevant classes that the CMDB CI Class Models store app adds or updates. See the class columns table for further details about the columns added for each class.
See the full release notes for all CMDB CI Class Models.
Request apps on the Store
Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Network Intrusion Detection System (NIDS) schema structure
Classes
This section lists the classes that the CMDB CI Class Models store app adds or updates. See the class columns table for further details about the columns added for each class.
| Class | Extends | Description |
|---|---|---|
| Network Intrusion Detection System (NIDS) (cmdb_ci_nids) | cmdb_ci_ids_network | NIDS is an intrusion detection system within the network that examines the traffic from all devices on the network. NIDS scanners build relationships between the OT network scanning appliances and the OT devices on the network. A NIDS Manager manages the NIDS sensors. |
Class columns
CMDB CI Class Models: Release 1.30 adds the following columns to the Network Intrusion Detection System (NIDS) [cmdb_ci_nids] class.
| Column label | Column name | Description |
|---|---|---|
| NIDS source ID | Correlation_id | Identifier of the NIDS device. Uses the assigned Correlation ID for the NIDS as its nids_source_id. |
| NIDS source name | nids_source_name | Name of the NIDS device. |
| Network type assignment | network_type_assignment | Designates if the device is on an IT or OT network. |
| NIDS assignment site | isa_entity_site | ISA site assigned to the NIDS. This information is available when the logged in user has an assigned ISA Admin role. |
Roles and Access Control Logic (ACLs)
The NIDS Admin (cmdb_nids_admin) role is associated with the Network Intrusion Detection System (NIDS) [cmdb_ci_nids] class: it can create, read, update, and delete Network IDS (NIDS) OT records. To view the Network IDS application selection on the application menu, you must have this role.
Key relationship structure
For each CMDB CI record with a "Detected by" relationship with an NIDS record, a ServiceNow Operational Technology Certified Service Graph Connector does the following:
- Assigns the following NIDS-related metadata values to the CI:
  - Location
  - Company
  - Related users (Owned by, Managed by, Supported by, Assigned to)
  - Related user groups (Approval group, Managed by Group, Support group, Change group)
- If the NIDS network type is set to OT, it also does the following for the CI:
  - Creates an OT device (cmdb_ot_entity) record for the CI, using the cmdb_ot_entity reference on the CI.
  - Assigns the NIDS assignment zone to the OT device record.
  - If the Industrial Process Manager is installed, assigns the NIDS assignment site to the OT device record.
- Life Cycle Stage and Life Cycle Stage Status values for the CI are used to capture the learning mode of a sensor:
  - If Life Cycle Stage is Operational and Life Cycle Stage Status is Learning Mode, validation is unsuccessful.
  - If Life Cycle Stage Status is In Use, validation is successful.
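The enrichment and validation rules above, as an added stand-alone simulation that is not ServiceNow's own connector code. It runs in plain Node.js with constructed records instead of GlideRecord. The column names network_type_assignment, isa_entity_site and cmdb_ot_entity come from the page; the relationship type string, the record shapes, the field name nids_assignment_zone, the option industrialProcessManagerInstalled, and the null result for stage/status combinations the page does not define are all assumptions made for this example.

```javascript
// Added example, not ServiceNow code: simulates what the page describes for CIs that are
// children of a NIDS record through a "Detects::Detected by" relationship.
// Assumed names: DETECTS_REL_TYPE string, nids_assignment_zone, industrialProcessManagerInstalled.

// Fields copied from the NIDS record onto each detected CI (the page's metadata list).
const NIDS_METADATA_FIELDS = [
  'location', 'company',
  'owned_by', 'managed_by', 'supported_by', 'assigned_to',              // related users
  'approval_group', 'managed_by_group', 'support_group', 'change_group'  // related groups
];

const DETECTS_REL_TYPE = 'Detects::Detected by'; // assumed type label; parent = NIDS, child = CI

// Validation outcome from the two rules stated on the page. Any other stage/status
// combination is undefined by the page, so this returns null there (assumption).
function sensorValidationState(record) {
  if (record.life_cycle_stage === 'Operational' &&
      record.life_cycle_stage_status === 'Learning Mode') {
    return false;
  }
  if (record.life_cycle_stage_status === 'In Use') {
    return true;
  }
  return null;
}

// CIs that are the child side of a detects relationship whose parent is this NIDS.
function detectedCis(nids, relationships, cis) {
  const childIds = new Set(
    relationships
      .filter(r => r.type === DETECTS_REL_TYPE && r.parent === nids.sys_id)
      .map(r => r.child)
  );
  return cis.filter(ci => childIds.has(ci.sys_id));
}

function enrichDetectedCis(nids, relationships, cis, options = {}) {
  const ipmInstalled = Boolean(options.industrialProcessManagerInstalled);
  const otEntities = []; // cmdb_ot_entity records that would be created
  const enriched = detectedCis(nids, relationships, cis).map(ci => {
    const out = { ...ci };
    for (const field of NIDS_METADATA_FIELDS) {
      if (nids[field] !== undefined) out[field] = nids[field];
    }
    if (nids.network_type_assignment === 'OT') {
      // OT network: create the OT device record and link it from the CI.
      const ot = { sys_id: 'ot_' + ci.sys_id, ci: ci.sys_id, zone: nids.nids_assignment_zone };
      if (ipmInstalled) ot.site = nids.isa_entity_site; // only with Industrial Process Manager
      otEntities.push(ot);
      out.cmdb_ot_entity = ot.sys_id;
    }
    out.validation_successful = sensorValidationState(ci);
    return out;
  });
  return { cis: enriched, otEntities };
}

// Constructed sample data (not from the page).
const SAMPLE_NIDS = {
  sys_id: 'nids1', correlation_id: 'sensor-01', nids_source_name: 'plant-a-sensor',
  network_type_assignment: 'OT', isa_entity_site: 'site-a', nids_assignment_zone: 'zone-3',
  location: 'Plant A', company: 'ACME', managed_by: 'ot.admin', support_group: 'OT Support'
};
const SAMPLE_RELS = [
  { type: DETECTS_REL_TYPE, parent: 'nids1', child: 'plc1' },
  { type: DETECTS_REL_TYPE, parent: 'nids1', child: 'hmi1' },
  { type: DETECTS_REL_TYPE, parent: 'nids2', child: 'sw1' } // another sensor: must be ignored
];
const SAMPLE_CIS = [
  { sys_id: 'plc1', name: 'PLC-1', life_cycle_stage: 'Operational', life_cycle_stage_status: 'Learning Mode' },
  { sys_id: 'hmi1', name: 'HMI-1', life_cycle_stage: 'Operational', life_cycle_stage_status: 'In Use' },
  { sys_id: 'sw1', name: 'SW-1', life_cycle_stage: 'Operational', life_cycle_stage_status: 'In Use' }
];

function runSample(ipmInstalled) {
  return enrichDetectedCis(SAMPLE_NIDS, SAMPLE_RELS, SAMPLE_CIS,
    { industrialProcessManagerInstalled: ipmInstalled });
}

console.log(JSON.stringify(runSample(true), null, 2));
```

The relationship filter is deliberately keyed on the parent side: a CI detected by a different sensor (sw1 in the sample) receives none of this sensor's metadata, and a CI in Learning Mode is still enriched and linked but reports an unsuccessful validation, which is the signal to check before trusting that sensor's detections.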