Learn About Discovery

Learning Objectives

After completing this unit, you’ll be able to:

Explain the purpose of Discovery and how it helps reduce manual work and control IT costs.
Identify the three primary methods used to discover and ingest IT assets.
Describe the difference between scan jobs and process jobs when updating your CMDB.

What Is Discovery?

In the previous unit, you explored how data is structured in the CMDB. You know that a database is only as good as the data inside it. You could manually enter every new laptop, router, or virtual server, but in a modern, ever-changing IT landscape, who has the time for that?

That’s where discovery comes in. Discovery is the automated ingestion engine that ventures out into your corporate networks, on-premises data centers, and public cloud infrastructure to identify and catalog hardware and software. It eliminates the need for manual spreadsheets by regularly fetching data to keep your CMDB accurate and up to date.

Not only does this save your IT team countless hours of manual data entry, but it also provides the critical, real-time data needed to build those visual service graphs so you use it in team meetings, trace outages and assess the risk of a proposed change.

Keep Cloud Costs Under Control

There is another massive benefit to this automated visibility: cost control. In a sprawling cloud environment, it's easy to spin up a new virtual server, network, or database or two for a quick test and then completely forget about them.

Those forgotten instances sit there quietly running in the background, racking up hourly cloud charges. Out of sight may be out of mind, but that doesn't mean it's not hitting your bottom line. By discovering and cataloging your infrastructure, your IT team can quickly identify these abandoned or inactive assets. Once flagged in the CMDB, you can safely decommission them before costs spiral.

Three Methods of Discovery

Because modern IT environments are incredibly diverse, Agentforce IT Service offers three distinct ways to discover and ingest your assets. Here is a quick breakdown of how they work, their benefits, and a few common use cases.

Method

How it Works

Benefits

Examples

Agent-based

A lightweight agent is installed directly on endpoint devices. The agent securely connects to an intermediate discovery app and executes automated scans at customizable intervals to keep your asset data fresh. The default scan is every hour.

Perfect for a distributed workforce end-user computing (EUC).
Provides credential-less administration.
Continuously monitors devices even when they drop off the corporate network.

Employee laptops
Traveling team devices
Installed third-party software (like a learning management system (LMS) or different web browser versions)

Agentless

Uses a central discovery app to perform remote network scans, acting much like a radar tower for your IT infrastructure.

Great for mapping more static infrastructure.
Always connected to the corporate network.
Doesn't require installing individual agents on every single device.

Corporate data centers
Physical servers, network devices (like routers and switches) via SNMP (Simple Network Management Protocol)
Enterprise software

Integration/API-based

Connects directly with public cloud providers and third-party endpoint management systems (like Microsoft Intune or Jamf) using secure APIs to scan for and retrieve asset data.

Seamlessly imports massive cloud footprints and third-party data directly from the provider.
Unlike network scans, APIs capture the underlying, cloud-native architecture.

Cloud-native infrastructure like AWS Elastic Block Storage (EBS)

Load balancers
Azure security groups, and cloud-hosted applications
Mobile phones and tablets managed by mobile device management (MDM) solutions

Agentless Versus Agent-Based Discovery

There are additional benefits and tradeoffs regarding the initial setup effort (such as configuring network firewalls versus deploying endpoint agents) and the granular depth of the data returned by each. Further exploration of these advanced technical nuances is beyond the scope of this badge, however.

If you are a visual learner, it helps to see how these three distinct methods actually connect to your CMDB. As you can see in the architecture diagram, API-based discovery connects directly to the cloud, agentless discovery uses a central app to ping your corporate network, and agent-based discovery securely reports back from employee devices no matter where they are working from.

Diagram with the three discovery methods.

Make Sense of the Data

Now that you know the three methods, how do you put them to work and get that data into Agentforce IT Service?

Agentless and API-Based Discovery

Your IT team must configure two key elements before they can fetch any data.

Credentials: Secure logins (like Windows admin rights or AWS access keys) stored safely in a credential vault so the system can authenticate its access.
Targets: Logical groupings of what you want to scan, like an IP range for your New York data center or a specific Azure cloud environment.

Once your targets and credentials are in place, you kick off a scan job. A scan job is the actual execution of a discovery run against a specific target.

Agent-Based Discovery

Because the lightweight agent is already installed securely on the employee's device, it is completely credential-less. It also doesn't rely on targets or manual scan jobs. Instead, the agents simply run continuous scans in the background and automatically report back to the CMDB at configurable intervals.

Whether your data arrives via a target-driven scan job or an automatic agent check-in, the system handles the incoming payload by doing one of two things.

Creates new CIs: If it finds a server or application that doesn’t exist in your database, it automatically creates a brand-new Configuration Item (CI) record.
Updates existing CIs: If it scans a laptop already in your CMDB but notices the operating system was recently updated, it modifies the existing CI record with the fresh data.

Process Jobs

Finding the assets and updating their records is awesome, but it is only half the battle. To build the dynamic service graphs you saw earlier, the CMDB needs to understand how all of these isolated assets connect to one another.

That is where process jobs come in. Agentforce IT Service includes several out-of-the-box process jobs that run in the background after a scan is complete. They analyze the raw discovery data to automatically establish relationship links between your CIs. A few key examples include:

Application dependency mapping (ADM): Maps exactly which applications are running on which servers.
Cloud hierarchy: Links your cloud virtual machines to their respective storage buckets and security groups.
DevOps: Creates relationships between CIs that power devops workloads. Examples include Internet Information Services (IIS) and MySQL/Apache deployments.
Software installation: Links installed software and license keys directly to the devices they run on.

By running these jobs regularly, your IT team never has to manually draw relationship lines again. The system fetches the data via scan jobs, updates the CMDB, and connects the dots using process jobs. You can instantly explore these connections directly in your service graphs.

Panoramic view of fetching and processing data for CMDB using agentless discovery.

Agentless and API-based discovery uses your secure credentials and defined targets to scan your diverse IT environments, returns a payload of raw CI data, and relies on automated process jobs to constantly build and update your CMDB foundation.

Visualizing these individual relationships on a service graph is fantastic, but the CMDB and discovery story doesn’t stop there. In the next unit, you explore how to monitor the health, performance, and costs of this entire IT estate using the Discovery and CMDB Dashboards.

Resources

Salesforce Help: Key Terms in Discovery

Geschätzte Zeit

Themen

Benötigen Sie Hilfe?