Correlated ComputerID

Is there any way for the Correlated ComputerID to be retrieved locally off a machine somehow?

I used the following article (How to output the "ID(computer id)" to text file or registry in own pc) to extract the ComputerID off the OS and use that as a custom ServiceNow Discovery probe (the idea being, it should give us a 100% 1-to-1 match between CMDB data and BigFix for any usage, irrespective of when/where), and it seems to be working well - even if the computerID is reset (agent reinstalled/forced reset/etc.), the next SN Discovery scan picks up the new ComputerID and the data matches.

The problem is MultiCloud and the fact that correlated ComputerID is technically different than what the agent knows about it, so data doesn’t really match any longer…


https://help.hcltechsw.com/bigfix/10.0/platform/Platform/Config/c_assetcorrelation.html

Note: Any client relevance expressions referring to the IDs of correlated device are not matched by any native or proxied computers, because those IDs represent logical entities that are only known to the BigFix Server. For instance, referring to the IDs of correlated devices for defining an automatic computer group or for subscribing computers to a site does not cause any computers to be included in the computer group or be subscribed to the site.

Initial idea: create a script which will use API calls to perform the following steps:

  • API call to search for all of the Native Agents that are associated with a Correlated Device ID - save each result: Native Agent Computer ID, associated Correlated Device ID
  • API call for each Native Agent Computer ID which will add the client setting “CustomCorrelatedDeviceID” with the associated device ID

I think it is overkill…

Have you looked into the ServiceNow Data Flow integration? - https://help.hcltechsw.com/bigfix/10.0/integrations/Ecosystem/Install_Config/integrations_imp_guide.html

I see there is a KB about machine correlation - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0104011
In the “Machine correlation” section of the Fundamental concepts topic, a reference to the role of the correlation_id parameter should be added.


Thanks for the reply - I was hoping I am missing something and there is an easy way for the agent to know the correlation ID, or maybe it even has it stored. An API-script approach to it would be complicated since the scope is “all machines” - imagine writing something this specific to work against Windows, Linux (all sorts of distros), Unix (again, multiple vendors) + macOS…

As to the use case, I am familiar with ServiceNow Data Flows, but it only covers a certain extent (Platform), and with that it is not 100% reliable, depending on how reliable your CMDB data is. Yes, you can build complex confidence with multiple properties (names, IPs, serial numbers, etc.), but things may still not match 100% all the time, and troubleshooting it (if you have done it manually - why does this match that; why doesn’t this match that) is a complete nightmare, especially IF your expectation is to match multi-result properties (it has “gaps”, to say the least)! What about other use cases though? What if you want to match Insights, Inventory, Compliance data to ServiceNow?

What we thought would be good is that if we can build a ServiceNow Discovery custom probe, which in itself is a relatively simple task, to read the BigFix ComputerID directly off the OS as part of discovery, then even if there are duplicate computers, all sorts of CMDB data lapses, or in fact problems with any of the BigFix properties, you still have a reliable way to match data. Since the Platform computerID is also available in Inventory, Compliance and Insights, it also opens the door for far bigger reach and would allow a single 1-to-1 mapping key that is BigFix product suite-wide…

Thanks for your detailed response!
Did you open a support ticket about this?
Unfortunately, I don’t have ServiceNow to test this.

@JasonWalker @Aram - is it possible to add a member from the ServiceNow Integration Team to the discussion?

While the Native Agent is not aware of correlation IDs, the server itself is. I suppose we’d need a bit more detail into how your custom correlation would work (it doesn’t sound like you are using the ServiceNow Data Flow, but instead something custom).

If we provided a Session Relevance you could use in the REST API to map the native agent ID (as retrieved from the client) to its Correlated Agent ID (visible to Compliance and Inventory), would that be helpful?

@JasonWalker, actually you are right - it does seem that Compliance & Inventory import the child “native” computer ID, not the “parent” computer ID, which may actually work to our advantage…

Ideally, though, I guess I was looking for a way for the parent computerID to be aware of and retrieve it from OS level by ServiceNow Discovery, so that data can be matchable on any level within BigFix or outside.

I’m afraid the clients themselves are not aware of the correlations, as those are calculated on the root server. You could use a REST API or Web Report to build a list of computer IDs and correlations, though, and that should be helpful if you’re writing a custom tool to match computers with ServiceNow.

I don’t have a reference handy but I think this was recently handled by @ageorgiev at WebUI Cloud Plugin Correlation