Discovery device classification After it detects active devices in your network using a port scan (Shazzam probe), ServiceNow Discovery attempts to classify the devices so that it can gather additional information. ServiceNow Discovery launches classify probes that query devices to find out such things as operating system and version information. The following classify probes are included with the platform: Probe Description UNIX - Classify SSH commands for all UNIX operating systems. ServiceNow Discovery supports SSH protocol, version 2 only. CIM - Classify Classifies all known systems represented within a single CIM Object Manager (CIMOM). SNMP - Classify SNMP commands for all network devices, such as printers, routers, or UPS. Windows - Classify WMI commands for all Windows machines How device classification works When Discovery is initiated, the Shazzam probe is launched to detect open ports on devices in the network. The data returned is used by the Shazzam sensor to identify certain characteristics about these devices based on the activity known to exist on these ports. For example, UNIX-based operating systems communicate with the SSH protocol over port 22, and Windows communicates with the WMI protocol over port 135 or higher. Discovery makes certain assumptions about the devices, applications, and processes running on these ports and launches the appropriate classification probes to find out more. Classification sensors process the data returned from the probes and compare it with configured criteria for each class of device. At this point, classification varies, depending upon the type of scan selected and the version of ServiceNow ITSA Suite being used. Process classification occurs during the exploration phase of Discovery, after device classification. For more information, see Discovery process classification. Deactivated SNMP classifiers The following SNMP classifiers are deactivated. These systems continue to be discovered through other categories of classifiers, such as the UNIX or Windows classifiers. For an active list of SNMP classifiers, navigate to Discovery Definition > CI Classification > SNMP. Windows XP Windows Vista Windows 2000 Windows 2003 Standard Windows 2003 Enterprise Windows Linux Solaris HP-UX AIX Mac OS X The Generic Host SNMP classifier is removed from Discovery. Logging classification debugging information To log debugging information about classifications, add the following system property. The resulting log entries list the name of each classifier that runs, along with all the names and values that are available to the criteria in the classifier. System Property Description glide.discovery.debug.classification Enables debugging information for process classification. Type: true | false Default Value: false Location: Add to the System Properties [sys_properties] table How Discovery device classification worksDevice classification occurs only when a Discovery Schedule is configured to discover configuration items (CI). This scan type enables Discovery identifiers and is the only scan that can be used to update the CMDB.Create a Discovery CI classificationA CI classification allows Discovery to discover most common operating systems, network devices, and processes.Discovery classification criteriaThe classification criteria for a device classification includes a parameter, an operator, and a value. Enable device classification using Windows Remote ManagementAdministrators can configure the discovery of Windows hosts using the Windows Remote Management (WinRM) protocol.Reclassify a Windows Workstation machine as a serverBy default, ServiceNowDiscovery automatically classifies computers using certain Windows operating systems as workstations. However, some organizations might want specific computers in their network that are acting as servers to be classified by their function and not their operating system.