Use Case #1 – Lumeta Integration partner reports and action for ticket workflow

...

Asset Manager integration has passed ServiceNow's rigorous certification process and is available now in the ServiceNow Store. Search for "FireMon" or "Asset Manager" to get started. 

In this implementation, Asset Manager highlights missing network data for ServiceNow. ServiceNow then pulls this network data from Asset Manager. Cloud Discovery (aka Scanner) enables ServiceNow to pull cloud details from Asset Manager as well.

Here's how the integration works:

  1. ServiceNow initiates the first API call to Asset Manager requesting a list of all third-party integrations configured on the Command Center and the connection status of each. A scheduled job in ServiceNow calls the underlying API to pull data from Asset Manager.

    The results display in the Security Integrations dashboard in ServiceNow. It lists bundles of all third-party integrations configured on the Command Center and the connection status of each.

  2. ServiceNow initiates a second API call to Asset Manager to see the gaps, asking the question, "What does Asset Manager know that ServiceNow doesn't?"

    1. Did Asset Manager identify a device lacking an agent such as McAfee or Carbon Black?
    2. Did Asset Manager find a device that ServiceNow hasn't scanned (Tenable, Qualys, Rapid7)?
    3. Did Asset Manager discover a CIDR or IP that ServiceNow isn't aware of (Infoblox, BlueCat)?

...

  • After the SNOW ticket is marked completed because the security professional followed the process (a remediation step is completed and the SNOW status is changed).
  • An API call sent to Lumeta kicks off a query to the integration server and gets an updated list of gaps from the integration server.
  • Update SNOW with the new status

Use Case #2 – CMDB Data

  • Lumeta needs more information on the SNOW CMDB Data schema.  What is retained in the SNOW database and the structure?
  • Lumeta queries SNOW on an interval and pulls CMDB data:             
  • Lumeta does a diff and pushes assets that are missing in SNOW to the SNOW Server to be populated in the SNOW CMDB.
  • Lumeta configurable parameter to push assets as Global or by Zone

...


  1. For those whose "SNOW Status" is unmatched, ServiceNow generates an incident ticket: one incident ticket per third-party vendor, such as McAfee, containing individual records for each finding (e.g., one row for each device at issue).

  2. ServiceNow security professional remediates the issue and marks the ticket as "completed."
  3. ServiceNow initiates a third API call to Asset Manager to get an updated list of gaps.
  4. Asset Manager compares the current issue-status to the expected issue-status to validate that ServiceNow-fixed issues are demonstrably fixed.
  5. Asset Manager updates ServiceNow with the new status.


  6. In Asset Manager, you can configure the ServiceNow integration to have Asset Manager update ServiceNow at regular polling intervals, the cadence of which you set. This mechanism refreshes ServiceNow device details as often as you like, keeping them current. 
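
The ticket-and-verify loop in the steps above can be sketched as follows. This is an added example, not FireMon or ServiceNow code; the record fields (`vendor`, `ip`, `gap`, `snow_status`), function names, and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data. Field names ("vendor", "ip", "gap", "snow_status")
# are assumptions for illustration, not the product's API schema.
FIRST_PULL = [
    {"vendor": "McAfee", "ip": "10.0.1.15", "gap": "agent missing", "snow_status": "unmatched"},
    {"vendor": "McAfee", "ip": "10.0.1.22", "gap": "agent missing", "snow_status": "unmatched"},
    {"vendor": "Tenable", "ip": "10.0.2.7", "gap": "never scanned", "snow_status": "unmatched"},
    {"vendor": "Infoblox", "ip": "10.0.3.0/24", "gap": "unknown CIDR", "snow_status": "matched"},
]
# Gap list returned by the later pull, after both tickets were marked completed.
REFRESHED_PULL = [
    {"vendor": "McAfee", "ip": "10.0.1.22", "gap": "agent missing", "snow_status": "unmatched"},
]

def build_incidents(gaps):
    """One incident per vendor, one row per unmatched device."""
    incidents = defaultdict(list)
    for g in gaps:
        if g["snow_status"] == "unmatched":
            incidents[g["vendor"]].append((g["ip"], g["gap"]))
    return {vendor: sorted(rows) for vendor, rows in incidents.items()}

def validate_closure(incidents, completed_vendors, refreshed_gaps):
    """Check completed tickets against the refreshed gap list.

    A row that still appears in the refreshed list was not actually fixed,
    so the ticket should be reopened rather than trusted as closed.
    """
    still_open = {(g["vendor"], g["ip"], g["gap"]) for g in refreshed_gaps}
    report = {}
    for vendor in completed_vendors:
        remaining = [r for r in incidents.get(vendor, []) if (vendor, *r) in still_open]
        report[vendor] = {"verified": not remaining, "remaining": remaining}
    return report

if __name__ == "__main__":
    tickets = build_incidents(FIRST_PULL)
    for vendor, result in validate_closure(tickets, ["McAfee", "Tenable"], REFRESHED_PULL).items():
        print(vendor, result)
```

The point of the re-pull is that a ticket marked "completed" is only a claim; the refreshed gap list is what confirms or contradicts it.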

Populating CMDB Data

A second use case uses a similar API exchange to answer the question, "What has Asset Manager discovered?" It shares with ServiceNow information about a device's profile, its status, and when it was first and last observed. It conveys timestamps and other network details to populate the Configuration Management Database (CMDB) within ServiceNow. 

About CMDB

A Configuration Management Database (CMDB) is an IT model for the efficient support of services; its purpose is to organize and manage Configuration Items (CIs).

Here's how it works:

  1. Asset Manager queries ServiceNow at a regular interval and ingests CMDB data from ServiceNow, handling it as an external source.
  2. Asset Manager compares data across the two systems.
  3. Asset Manager pushes assets and attributes that are missing in ServiceNow to the ServiceNow server, which populates the ServiceNow CMDB.
  4. Asset Manager can push assets globally or by zone.

Asset Manager Dashboards within ServiceNow


Asset Manager Continuous Discovery
From Asset Manager, each device profile, its status, its first-observed and last-observed timestamps, and other network details populate the CMDB within ServiceNow.


All of the dashboards in ServiceNow can be personalized to display the columns of interest.
