[Music] i'm chris tessie with glad fast consulting today we're going to be going over a tutorial on how to extend discovery and service mapping patterns to bring back additional data into the seem to be that you know some of the other box patterns may not provide i'll be walking through some steps that would typically be done to extend a discovery pattern to also pull back details from the antivirus software that's installed on the system today i'm working in an instance that is running the paris release although the pattern extension functionality has been available since the london release so if you're using an older version of servicenow the procedure could potentially still be the same so what we'll start by doing is looking at our class model definitions for the server class and what we've done here already is added a couple additional attributes on that class to store the details from the antivirus extension that we'll be creating so let's select the attributes tab and look at the added column you can see here we've already defined two fields one to store the antivirus signature when it was last updated timestamp and then also one to store these antivirus signature version details since we've defined these attributes let's go ahead and start building our pattern extension now we can navigate to the discovery patterns and specifically we'll be adding an extension to the windows os pattern for the server devices so let's open this pattern up from the pattern designer we can see that there's already an identification section that's been defined this is where the bulk of the discovery is being performed for the windows servers inside of servicenow discovery and what we'll be doing is creating an extension section now the extension sections allow us to add additional details into these patterns without flagging them as being customer updated or modified so that way in the future when servicenow releases updates to these patterns we can actually leverage the updated version of the pattern and we'll still receive the upgrades and automatically applied into our instance so let's create a new extension section we'll just call it windows defender av select done and now we can actually open up our extension section and start building our pattern within the pattern builder interface we can actually open up a debug session to start testing out our pattern as we're building it so i'll launch the debug mode from here we can specify a mid server and we'll just specify an ip of our target device that we're actually going to go attempt to build this pattern against and discover so we'll select connect as this is debugging you'll see it's going to run through the previously mentioned identification section to ensure that we've passed all the necessary details on that particular server we're able to identify it as a windows server before we can start debugging our pattern extension section so let's let this run and we'll come back to it in a minute once the debug session has completed and we are connected to it okay now that a debug session has completed we can actually see on the right hand side of the pattern designer some of the attributes that have come back from just the identification section so we can see details about the server itself serial number and name and other details that were brought in from the identification section part of this pattern from here what we can do is actually start building our pattern so what we'll do is parse command output step within our pattern since we already know that this is using windows defender antivirus we know the commands that we need to issue which is just simply a powershell command so first i'll just provide a name to my step now depending on your antivirus software there may be different command that you can run some of the details sometimes can be parsed out from configuration files or registry keys refer to the software vendor's documentation to determine how you can pull those details out in this particular example if we're using windows defender antivirus we can actually just issue this powershell command we'll run the command to verify the output here we can see we've actually retrieved the details from this particular server since we have an active debug session and what we'll do is parse out the details from this particular result we're just going to use a properties file there's many different methods to actually parse command details out and config files in the pattern builder so in this example we'll first create a table to store our variables and then we can actually do this manually just by highlighting the actual variables that we're looking for there are also a number of methods different methods to parse these details out in this example here we're going to pull this value for the antivirus signature last update details and we'll name that av last update and we'll also pull out the antivirus signature version details and the same thing you can highlight it and just pull out that particular property now we can see our two attributes are highlighted this means we parse them out correctly and from here we can actually create a new step below and our next step what we'll be doing is actually inserting those attributes back into this be cmdbci record so we'll rename our step and for a horizontal discovery pattern we'll actually be using a transform table operation if this was a service mapping pattern we can simply use the set parameter value operation to insert the attributes directly into that class now what i'll do here is just search on my right hand side here previously we showed you the two attributes that we've created on the server class here we can see inside of the attribute viewer here these are the two attributes we'll be populating we scroll down below in the temporary variable section we can see the previously created av details table that we created to store those attributes temporarily so scrolling down we can see the av details temporary table and if i open that up we can actually see that the two attributes that we parsed out in the previous step are visible on this table so we know that we've parsed them out correctly from here we define our source table which is our av details temporary table and our target table which is going to be seem to be ci when server and here we can define exactly which tables we want to map to so in our windows server table we had defined you antivirus signature version and the value we can either drag this in from the av details temporary variable on the right or we can start typing it in av details and this is our version attribute we'll add the next attribute you antivirus signature last updated version and the same thing will populate our attribute from here we can actually test our step and we can see here the av version detail has been populated where the antivirus signature version has been populated and as well as the last updated fields are being populated into the server okay from here we can go ahead and save our pattern now that our pattern has been saved and is activated inside of our instance we can go ahead and actually run a horizontal discovery against this target so from the discovery schedule section we'll select quick discovery and initiate the quick discovery against our target we'll wait for our discovery to complete it on this host okay now we can see that our discovery is completed against this target device you can scroll down select the devices tab and let's look at the ci in the cmdb now we've already modified our form to add our two new custom attributes into this view so we can see here the antivirus signature version has been populated and the antivirus signature last updated timestamp has also been populated now this data can be controlled in terms of access it's made visible to if you want to just restrict the access to you know security teams that's possible as well in the servicenow instance lastly since the data is in service now we do have you know multiple use cases that can potentially benefit from this type of information and we can apply additional audit compliance rules on top of this data to ensure that you know our antivirus definitions are updated on a frequent basis as well we can track that through reports and dashboards inside of servicenow that's it for today's tutorial thanks for watching you