Intelligent CMDB Meets Real-Time Analytics
ExtraHop + ServiceNow CMDB
Dan Tucholski
February 20, 2019
Integrating real-time Enterprise Cyber Analytics from ExtraHop with ServiceNow's best-in-class IT service management helps you maintain an up-to-date CMDB, streamline workflows, increase security, and speed up incident resolution by hours or even days.
The ExtraHop CMDB Integration for ServiceNow enables you to send updates about all devices that are auto-discovered and auto-classified by your Discover appliance on your network to your ServiceNow CMDB in real time. This shortens the time to CMDB readiness, which in turn enables responsive and agile IT for your business. Quality matters as much as speed: because ExtraHop passively monitors your high-fidelity wire data, you end up with a trustworthy and actionable CMDB.
How the ExtraHop + ServiceNow Integration Works
The heart of ServiceNow lies within the Configuration Management Database, better known as the CMDB, which is primarily a data repository used to store information describing configuration items, or CIs, in addition to asset-related information and relationships between the CIs.
So, what exactly is a CI, you may ask?
You can think of a CI as a uniquely identified component used to deliver a service for which changes are controlled. A CI can be a physical entity like a server, a logical entity like an application, or an operational construct like a cluster of servers. In this integration we create CIs in the CMDB that represent network devices auto-discovered and auto-classified by your Discover appliance on your network.
Tying It All Together
The CMDB is the core of the ServiceNow ecosystem that glues together all change management requests, incidents, events, alerts, and so on by tying them back to the CIs that they're associated with. This allows for faster remediation and deeper insights, such as which device is involved in the most incidents or which servers are causing the most alerts.
Here's an ExtraHop scenario to help visualize the value:
Imagine that a Potential Data Exfiltration detection appears in your Reveal(x), which is configured to automatically create an event in your ServiceNow instance for each detection. After receiving the detection, ServiceNow intelligently generates an alert based on it and takes it a step further by automatically correlating the alert with the CI representing the ExtraHop-discovered device that was performing the data exfiltration.
This workflow enables your analysts to have the investigative information they need directly in ServiceNow and related to the correct CIs to perform further investigations, change management, and even automated response.
But this scenario only works when you have a truly up-to-date CMDB that reflects the current state of your IT environment. This is precisely where the ExtraHop CMDB Integration for ServiceNow comes into play, by enabling you to send updates about all devices monitored by your Discover appliance on your network to your ServiceNow CMDB in real time.
Active devices in your Discover appliance also get an associated CI, created in your ServiceNow CMDB as an ExtraHop Discovered Device.
In addition to populating and updating the ExtraHop Discovered Devices table in your CMDB, the integration also enables the following features, as seen in the screenshot above, in your ServiceNow instance:
- List and search all network devices discovered by ExtraHop
- Quickly find devices that were discovered by ExtraHop within the last 24 hours
- Filter devices by their role and protocol activity
- View detailed device information, such as client and server protocol usage
- Access the device in the Discover appliance with a single click to begin an investigation