OperatorZero / Discovery
Technical Instance Assessment
ServiceNow
Discovery Report
Full technical scan of your ServiceNow instance — customizations, integrations, CMDB, and security posture.
🔴
Critical
19 of 20 update sets stuck "in progress" — no customizations are promotable
🔴
Critical
100% of 2,784 CIs are stale — no CMDB updates in 6+ months
🟠
High
16 of 18 admin accounts are demo artifacts — last login 2010–2012 or never
🟠
High
MFA not configured — glide.ui.login.mfa.enabled property absent
🟠
High
No IP restrictions — open instance with no allowlist
🟠
High
No MID Servers — Discovery and many integrations non-functional
🟠
High
3 outbound REST messages use no authentication (including u_external_approval_api in global scope)
🟡
Medium
39 legacy workflows still active — Flow Designer migration incomplete
Single-node dev instance. No cluster configuration. No MID Servers registered. Transaction log is clean — 0 errors in the last 7 days. Instance is approximately 2–3 patches behind the current Zurich stream as of Feb 2026.
Business Rules by Scope — Custom Apps Only
| Scope |
Source |
Total |
Active |
Inactive |
| Task Runner |
CUSTOM |
4 | 4 | 0 |
| Asset Tracker |
CUSTOM |
2 | 2 | 0 |
|
226 OOB rules across 62 platform scopes (Goal Framework, Key Management, CMDB Workspace, Employee Center + 58 more) — excluded from custom analysis.
|
⚠️ Flagged Rules on Critical Tables
| Rule Name |
Table |
When |
Source |
Risk |
| AI - Auto High Urgency for High Impact |
incident |
before |
CUSTOM Task Runner |
HIGH |
| RITM Comment Notification |
sc_req_item |
after |
CUSTOM Asset Tracker |
HIGH |
|
12 OOB rules excluded from analysis (Security Center, CAB Workbench, SOW modules) — platform baseline, no action required.
|
220
Scripted REST APIs (Inbound)
Outbound REST Messages — Auth Assessment
| Name |
Endpoint |
Auth |
Risk |
| u_external_approval_api |
No endpoint set |
None |
DELETE |
| o0_test_rest_message |
No endpoint set |
None |
DELETE |
| o0_External_API |
jsonplaceholder.typicode.com |
None |
MOCK API |
| Firebase Cloud Messaging (×2) |
fcm.googleapis.com |
OAuth (runtime) |
OK |
| DoIT ServiceBridge Integration |
— |
Basic |
REVIEW |
| Yahoo Finance |
http://finance.yahoo.com |
None (public) |
DEPRECATED |
OAuth Providers — Placeholder IDs Detected
5 IdP providers (Azure AD, Okta, Auth0, Google, ADFS) have {placeholder} client IDs — these are template records that were never completed. Slack and Teams are configured. Custom OAuth clients: OZ Nexus, WebKit HTML to PDF.
0
MID Servers for Discovery
Top Connected CIs — Infrastructure Hubs
| Rank |
CI Name |
Total Relationships |
Role |
| 1 | PS LoadBal01 | 12 | PeopleSoft load balancer — hub of PS stack |
| 2 | SAP LoadBal01 | 12 | SAP load balancer — primary |
| 3 | SAP LoadBal02 | 12 | SAP load balancer — redundant pair |
| 4 | ny8500-nbxs08 | 11 | Network switch — PS backbone dependency |
| 5–7 | PS Apache 01/02/03 | 11 each | PeopleSoft web tier — all app traffic |
| 8 | Bond Trading | 9 | Business service — depends on 7 CIs |
| 9 | Storage Area Network 002 | 8 | ⚠️ Pure dependency sink — 8 SAP CIs write to it |
Note: Current CMDB data is OOB demo content. With no MID Server running, Discovery cannot populate real CI data. CMDB should be considered unreliable for production use. With only 238 relationships across 2,784 CIs (avg <0.1 per CI), topology mapping is essentially absent.
Admin User Audit
| User |
Username |
Last Login |
Status |
| System Administrator | admin | 2026-02-20 | ACTIVE |
| nexu nexus | oz_nexus | 2025-11-20 | ACTIVE |
| Rob Phillips | rob.phillips | 2010-05-18 | REVOKE |
| Scott Seixas | scott.seixas | 2012-11-17 | REVOKE |
| Fred Luddy | fred.luddy | Never | REVOKE |
| + 11 more demo accounts | | Never / 2012 | REVOKE |
CRITICAL
Admins
Revoke admin role from 16 stale demo accounts — reduce from 18 admins to 2
Security
CRITICAL
REST Messages
Delete u_external_approval_api and o0_test_rest_message — no endpoint, no auth, no purpose
Hygiene
CRITICAL
CMDB
Deploy MID Server and run Discovery to populate real CI data
Data Quality
HIGH
Update Sets
Close or abandon 19 in-progress update sets — nothing is promotable until resolved
Promotability
HIGH
Security
Enable MFA (glide.ui.login.mfa.enabled) and configure IP allowlist
Security
HIGH
Business Rules
Audit Task Runner's auto-urgency escalation rule on incident — verify logic matches business intent
Accuracy
MEDIUM
Workflows
Delete test workflow on incident table; begin migrating 39 legacy workflows to Flow Designer
Modernization
MEDIUM
OAuth / IdP
Complete or remove 5 IdP provider records with placeholder client IDs
Integrations