How To

Automated cloud discovery into ServiceNow import sets

Automate cloud discovery from AWS, Azure, GCP and Kubernetes into ServiceNow import sets for staging records to your CMDB.

Turbot Team
5 min. read - Jul 22, 2024

Turbot Guardrails already supports direct cloud discovery from AWS, Azure, GCP, and Kubernetes to target CMDB CI tables; this ensures records are in sync at all times as changes in the cloud occur. Because we have been working with large enterprises that use ServiceNow import sets as their preferred integration pattern, Guardrails cloud discovery can now push to ServiceNow import sets as well.

The integration requires no additional ServiceNow modules, AWS, Azure, GCP or Kubernetes services. Instead, Turbot Guardrails enables a direct, low-cost way to get real-time cloud discovery delivered to import sets to stage records for transformation to your target CMDB tables.

Whether you are using our direct discovery to CMDB tables features, or discovery to import sets, Guardrails provides broader coverage, in-depth configuration details, and more accurate ServiceNow CMDB data by surfacing comprehensive and timely cloud resource insights. With the breadth, depth, and speed of the Guardrails cloud discovery features, Guardrails is an ideal solution for those new to cloud discovery or looking to augment existing ServiceNow cloud integrations.

Why an automated cloud discovery for ServiceNow?

Manual and scheduled discovery of cloud resources leads to inaccurate ServiceNow data. Cloud resources change too quickly for legacy discovery methods to keep up. As a result, CMDBs end up with blindspots and incorrect configurations.

When you automate continuous cloud discovery, and integrate resources into ServiceNow, you:

  • Eliminate blindspots by covering more cloud services beyond the native integrations
  • Prevent missing and stale data with instant updates when resources change
  • Enable flexible control over how resource data syncs to CMDB CI tables
  • Surface cloud resource tags and metadata to enrich CMDB context
  • Archive historical records of provisioned resources that get deleted

Augmenting native cloud discovery in ServiceNow

Native ServiceNow connectors and integrations are available to enable discovery of core cloud services such as Compute, Storage, and Networking. But these have limitations including:

  • Extra licensing and services
  • Limited resource coverage
  • Minimal configuration data captured
  • Reliance on scheduled batch jobs rather than real-time discovery
  • Need for professional services and customization

The Turbot Guardrails ServiceNow integration augments native capabilities by:

  • Offering point-and-click integration setup
  • Discovering IaaS & PaaS cloud resource types out of the box
  • Reducing licensing dependency and service overhead
  • Automatically updating ServiceNow when resources change, either directly to CMDB tables or via import sets
  • Providing flexible control to configure synced data as needed
  • Centralizing management for all cloud discovery scopes: AWS, Azure, GCP, and Kubernetes

By combining automated discovery from Turbot Guardrails with ServiceNow, you accurately sync cloud resource configurations into ServiceNow's CMDB in real time, directly or via import sets, without added cost and complexity.

Configuring automated cloud discovery sync to ServiceNow import sets

ServiceNow import set configuration

Our direct-to-CMDB CI table integration handles table creation, record transformation, and CI record syncs for you. When using import sets, you will need to configure a staging table, choose a target table, and create the transform map that brings the data from staging to target.

The first step is to ensure you have an import set staging table already created in ServiceNow. Whether you have multiple staging tables, use unique fields per table, or keep it simple with a generic staging table and fields, Guardrails makes it easy to map to the data architecture you prefer.

In this example, Guardrails Staging Table exists with a Guardrails Resource ID coalesce field, and a Cloud Resource Data field for all the configuration data about the resource.

Also ensure you have a ServiceNow CMDB CI target table in place. In our example, we will focus on GCP storage buckets. The target table is an extension table from cmdb_ci specific for cloud storage buckets.

Import sets require a transform map that moves each record from the staging table to the target table. In our script, we map the import set's Cloud Resource Data field (cloud_resource_data) to the columns in the target table.

Now that we have a ServiceNow import set in place, we can switch the Guardrails configuration to discover and sync cloud data to the import set table.

Enable Guardrails to push to import set tables

In this example, we will show how to enable syncing GCP Storage Buckets directly to the import set, so they can ultimately be added to the CMDB CI target table.

Set the Turbot Guardrails policy GCP > Storage > Bucket > ServiceNow > Import Set to “Enforce: Sync” and apply it to all or specific GCP projects.

For the integration-enabled GCP project, the following GCP resources will be in scope for the GCP discovery:

The GCP resources are instantly pushed to the import set table, then transformed to the target table.

As GCP resources are added, updated, or deleted, Guardrails handles the configuration drift and keeps the ServiceNow CMDB updated.

For example, when a GCP resource changes, Guardrails captures the drift and updates the ServiceNow CMDB.

Cloud resource deletion can be set up to remove the resource or update an operational status column with an archive status.

Add cloud security & FinOps posture details to ServiceNow

Adjust what's included in the import set using Guardrails policy settings. You can add data from the cloud provider, audit trails, and context from Guardrails on the security & FinOps posture of the cloud resource.

In the GCP > Storage > Bucket > ServiceNow > Import Set > Record policy, we can add additional fields to the cloud_resource_data column in the import set:

  • Include the versioning_enabled configuration: versioning_enabled: {{ $.resource.data.versioning.enabled }}
  • Elevate a label (tag) into its own column: environment: {{ $.resource.turbot.tags.environment }}
  • Add the state of the Guardrails control to protect against public access: public_access: {{ $.resource.public.items[0].state }}
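The mapping a transform map script performs on a staged row, covering both the cloud_resource_data transform described earlier and the three fields added above. This is an added example, not Turbot's or ServiceNow's code: it assumes cloud_resource_data arrives as a JSON string, and the u_* column names are hypothetical. Staged data is treated as untrusted, so only allowlisted keys reach the target and a row that fails validation is skipped rather than partially written.

```javascript
// Added example. The u_* column names and the JSON shape of
// cloud_resource_data are assumptions, not taken from the product.
function toBool(v) {
  if (v === true || v === 'true') return true;
  if (v === false || v === 'false') return false;
  throw new TypeError('not a boolean');
}
function toText(v) {
  if (typeof v !== 'string' || v.length > 255) throw new TypeError('not short text');
  return v;
}

// Allowlist: payload key -> [target column, coercion]. Other keys are dropped.
const FIELD_MAP = {
  name: ['name', toText],
  versioning_enabled: ['u_versioning_enabled', toBool],
  environment: ['u_environment', toText],
  public_access: ['u_public_access', toText],
};

// Reads the staging row and writes the target row only if every field validates.
// In a ServiceNow transform script, ignore=true corresponds to `ignore = true`.
function transformRow(source, target) {
  if (!source.u_guardrails_resource_id) return { ignore: true, reason: 'missing coalesce id' };
  let data;
  try { data = JSON.parse(source.u_cloud_resource_data); }
  catch (e) { return { ignore: true, reason: 'invalid JSON' }; }
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    return { ignore: true, reason: 'payload is not an object' };
  }
  const staged = { u_guardrails_resource_id: String(source.u_guardrails_resource_id) };
  for (const [key, [column, coerce]] of Object.entries(FIELD_MAP)) {
    if (!Object.prototype.hasOwnProperty.call(data, key) || data[key] === null) continue;
    try { staged[column] = coerce(data[key]); }
    catch (e) { return { ignore: true, reason: 'bad value for ' + key }; }
  }
  Object.assign(target, staged); // all-or-nothing write
  return { ignore: false, reason: '' };
}

// Constructed sample row (not from a real instance).
const sampleSource = {
  u_guardrails_resource_id: '1234567890',
  u_cloud_resource_data: JSON.stringify({ name: 'example-bucket',
    versioning_enabled: 'true', environment: 'prod', public_access: 'alarm', extra: 'dropped' }),
};
const sampleTarget = {};
const sampleResult = transformRow(sampleSource, sampleTarget);
```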

Ready your ServiceNow CMDB with automated cloud discovery

Get started with a 14-day free trial of Turbot Guardrails to experience automated discovery and sync for cloud resources into your ServiceNow instance. Real-time, comprehensive visibility within minutes starting at just $0.05 per resource per month.