In the Frankensteinian spirit of Halloween this blog post covers how to make your inanimate IT Inventory post messages to your ServiceNow Live Feed (think activity stream or twitter-esque internal micro blogging feed). In this example the BDNA normalized inventory posts to the ServiceNow Live Feed when new instances of non-approved software appear in the environment.
This example could easily be modified to have the inventory post to the Live Feed when specific vulnerable products show up (think poodle sslv3 vulnerability CVE-2014-3566, OpenSSL Heartbleed CVE-2014-0160, or one of the bash shellshock cve ids). Or perhaps modify this example to post to the Live Feed when a product in the inventory reaches its oboslete date that week. The alignment of known vulnerabilities to your inventory is made possible by the Technopedia CPE content pack. The CPE content pack maps known vulnerabilities published by the National Vulnerability Database to the corresponding raw data discovered by your discovery tools for the affected products. Obsolete dates are part of the Technopedia Lifecycle content pack and kept up to date by BDNA’s Content Researchers.
In this example we use the user defined approved/non-approved status of software products for BDNA to mash up to the raw discovery data that it cleans and categorizes. Identifying software standards helps control software spend, employee productivity, data breaches, and security. BDNA helps organizations in the process of defining what’s approved/not approved by providing clean inventory reports aligned with market data such as linked vulnerabilities and obsolete/eol dates. In addition BDNA categorizes the software so that you can see which products within a particular category (e.g., relational databases, BI Tools, or Java Application Servers) are most widely deployed (over 360 hardware and software categorizations). Once an organization goes through the initial effort to define the standards BDNA continues to assist by automating the alignment of this approved/non-approved designation to the latest inventory on an on-going basis. Once standards are defined it is imperative to enforce these standards (e.g., accountability, peer pressure, status reports, etc.). In this example the non-approved software is made public to all by posting it to the corporate Activity Stream (i.e. ServiceNow Live Feed).
To align the approved /non-approved status to your inventory you first need to run a BDNA Normalize job on the desired inventory sources (e.g., Microsoft SCCM, ServiceNow Discovery, HP UD, etc.) and correspondng mashup sources (i.e., the approved or non-approved software list).
Next from within ServiceNow create a jdbc data source to execute the specific sql query against the BDNA database with the normalized and mashed up results (SQL below leverages SW mashup table).
Next schedule the data import in ServiceNow for an interval that makes sense for your Normalize refresh interval (e.g., if you normalize inventory sources weekly then run this import weekly as well).
Set up the transform map which will map the imported data to the ServiceNow table created to store non-approved software (and the table we will later set the Live Feed notification rule on).
Now that the import from the BDNA database with the clean and enriched data is scheduled you can follow the steps outlined on the ServiceNow wiki for enabling Live Feed notifications
First you set up your Live Feed table notifications:
Then set up the business rule to trigger the auto update:
That is it! You now have scheduled updates to your Live Feed based on events you define via sql on your normalized and enriched inventory. In this example we also leveraged the ServiceNow Social IT feature of tagging. When events are posted to the Live Feed we have it tag these Live Feed events as “#nonapproved”. This lets us easily view all related posts and products tagged as nonapproved (e.g., auto posted events as well as input from users or related documents tagged similarly).