This article summarizes what types of asset attributes can be enriched from our connector with ServiceNow CMDB, and the benefits of using that enriched data in policy.
ServiceNow Integration with Elisity
Our Integration is designed to provide two major benefits:
- Provide contextual data from CMDB into CCC to help our SecOps user persona to understand operational context about a device
- Enable customers to distinguish rogue devices from enterprise-managed and apply differentiated policies to them. By rogue devices, we mean devices of types that we have accurately identified – but which may not be owned or managed by our enterprise customer.
ServiceNow integration is similar to our Medigate integration in overall operation.
There is one minor difference. When we discover a new endpoint, we will take attributes MAC and IP which uniquely identify the device and query ServiceNow. If MAC and IP together do not have a match in ServiceNow, we will query with MAC address alone, and finally the IP alone.
To reiterate, when a new device comes online, Elisity will query ServiceNow with the following attributes in order of precedence.
- MAC + IP Address
- MAC Address
- IP Alone
If an asset in ServiceNow is matched based on one or multiple of these attributes, the additional attributes which may be available will be merged with the information we gleaned through device discovery.
Below is a map of how attributes map from ServiceNow to Elisity's Cloud Control Center.
Our integration takes into account of the potential situation where an endpoint was known in CCC before ServiceNow integration was enabled.
In such cases, ServiceNow will be queried the next time that device is attached to the network, even if it was not considered ‘new’ in CCC.
Admin-initiated refresh of device info from ServiceNow:
In addition to the usual operation of querying ServiceNow for newly-discovered devices, device classification info pulled from ServiceNow can be refreshed:-
- on demand for any specific device
- on demand for all devices
If ServiceNow functions are deployed after Elisity, admin-initiated refresh(es) will need to be triggered from CCC when the CMDB has been populated.
If ServiceNow is used prior to an Elisity deployment and the CMDB is populated, admin intervention should not be necessary.