Day 11: DDIS - Catalog item without short description

Scan Check Type: Table Check [sys_cat_item]

Catalog items without short descriptions are harder to find on the catalog, and don't give end users an idea of what a catalog item is for at a glance.

Include values for the short description on catalog items to describe a little more than just the name.

This scan was developed using a table check with condition to identify any catalog item records without a short description filled in. I don’t know that this rule is currently a part of any other sources, but it’s a well known best practice in the Service Catalog space..

Download and import the XML to check it out in your instance! At the end of the month I will be bundling all the checks together.

Day 11 scan_table_check_9bf08f632f8b59107caa93acf699b61b.xml

Day 10: DDIS - Unused Inactivity Monitors

Scan Check Type: Script Only Check

Inactivity Monitors which are not connected to any action consume system resources needlessly.

Either remove the unused inactivity monitor, or assign an action to it.

This scan was developed using a script only check with condition to identify any inactivity monitor record (sysrul_escalate_am) that does not have an associated script action or email action record configured. I credit the development of this check to Mark Roethof. Mark has contributed a number of checks to open source, but currently this one is only found on his community blog in picture format. This check is also found in QualityClouds product as well.

Download and import the XML to check it out in your instance! At the end of the month I will be bundling all the checks together.

Day 10 scan_script_only_check_0672a3662f2311107caa93acf699b606.xml

Day 9: DDIS - Creating custom tables in the global scope

Scan Check Type: Table Check [sys_db_object]

ServiceNow recommends creating custom tables in scoped applications. Creating custom tables has licensing implications.

Avoid creating custom tables in the global scope. Use scoped applications instead.

This scan was developed using a table check with condition to identify any table records with a prefix of ‘u_’ which uniquely identifies custom global tables. This check is inspired by QualityCloud’s product. With ServiceNow changing their licensing to counting custom table usage, it is especially important to have a good handle on any custom tables and being able to map them back to the proper application.

Download and import the XML to check it out in your instance! At the end of the month I will be bundling all the checks together.

Day 9 scan_table_check_fd34be672f4b59107caa93acf699b6f4.xml

Day 8: DDIS - console.log in client scripts

Scan Check Type: Table Check [sys_script_client]

The client-side function console.log could cause errors in certain browser versions

Replace console.log() calls with jslog. The benefits of jslog are that you have to open the JavaScript Debugger Window to view the output, it is compatible with all browsers, and can be left in production since only administrators can open the window.

This scan was developed using a table check with condition to identify any client script records that contain ‘console.log’. This check takes inspiration from the check within QualityClouds.

Download and import the XML to check it out in your instance! At the end of the month I will be bundling all the checks together.

Day 8 scan_table_check_fda8ee6b2fc759107caa93acf699b6c3.xml

Day 7: DDIS - System property missing a property category

Scan Check Type: Table Check [sys_properties]

System properties should be a part of at least one property category, so they aren't floating in the ether.

On the system property related list table for category, either edit and select an existing category, or create a new category and then add the system property under it.

This scan was developed using a table check with script to identify any system property records with without a denoted system property category. This isn’t a best practice rule in any product I’ve seen, but from my experience with integration development, this is a best practice so you can easily keep track of and manage all of the system properties in one place.

Download and import the XML to check it out in your instance! At the end of the month I will be bundling all the checks together.

Day 7 scan_table_check_d4ef4fd92f4b51107caa93acf699b6fe.xml

Day 6: DDIS - Catalog item with no meta tags

Scan Check Type: Table Check [sc_cat_item]

Catalog items without META tags are harder for portal users to find through search.

Include values for the META tags on catalog items to make them more easily retrievable for the search function.

This scan was developed using a table check with condition to identify any catalog items without a filled in meta field. A similar version of this check exists within Quality Cloud product.

Download and import the XML to check it out in your instance! At the end of the month I will be bundling all the checks together.

Day 6 scan_table_check_caee0f592f4b51107caa93acf699b629.xml

Day 5: DDIS - User Preference "Rows per Page" set above 100

Scan Check Type: Table Check [sys_user_preference]

System performance may degrade if many users set their "rows per page" user preference to high values.

Set the default rows per page back to 100 for each user who has changed it. Navigate to sys_user_preference table, and update the rowcount and mobile_rowcount preferences.

This scan was developed using a table check with condition to identify any user preference records with a rowcount/mobile_rowcount name, and a value that is greater than 100. This check appears both in ServiceNow’s Health scan and Quality Cloud’s product. Some sources disagree on the exact number to be used (some cite 20 or 50), but above 100 can definitely cause issues. The suggestion may be to set the default to 20, but allow users to select 50/75/100.

Download and import the XML to check it out in your instance! At the end of the month I will be bundling all the checks together.

Day 5 scan_table_check_e925dc412f4311107caa93acf699b6f3.xml

Day 4: DDIS - Reports with inactive users

Scan Check Type: Table Check [sys_report]

Over time users can leave the company, leaving behind reports in the system. These should be migrated to be owned by other users or retired/deleted.

Reports should be owned by an active user who is responsible for the maintenance of the report.

This scan was developed using a table check with condition to identify any report records with an inactive created by user. I don’t know that this rule is currently a part of any other sources, but it is very similar to the OOB Scheduled reports for inactive users check as part of the Instance Troubleshooter.

Download and import the XML to check it out in your instance! At the end of the month I will be bundling all the checks together.

Day 4 scan_table_check_e84bda4c2f4f15107caa93acf699b6f7.xml

Day 3: DDIS Require file extensions restriction

Scan Check Type: Table Check [sys_properties]

As part of instance hardening, ServiceNow recommends to set the property glide.attachment.extensions to restrict available attachment types.

This scan was developed using a table check with condition to identify the specific property and check it’s value. Since this property exists OOB, it doesn’t do a negative check to verify it doesn’t exist also. This scan check is also found within ServiceNow’s Health Scan product. It is also linked in the ServiceNow Docs site as best practice, https://docs.servicenow.com/en-US/bundle/tokyo-platform-administration/page/administer/security/reference/restrict-file-extensions.html

Download and import the XML to check it out in your instance! At the end of the month I will be bundling all the checks together.

Day 3 scan_table_check_49a99a882f4f15107caa93acf699b673.xml

Day 2: DDIS - Enable update on iterate

Scan Check Type: Table Check [sys_properties]

ServiceNow has different ways to navigate within the instances. One of these ways to move from record to record is to use the arrows that appear in each individual record header.

However, this navigation can be more complex and less fluid if the system property glide.ui.update_on_iterate is set to FALSE. With this property disabled, changes made to the record are not automatically saved when moving to the next record, forcing an user action.

This scan was developed using a table check with condition to identify the specific property and check it’s value. Since this property exists OOB, it doesn’t do a negative check to verify it doesn’t exist also. This scan check is also found within QualityClouds’ product.

Download and import the XML to check it out in your instance! At the end of the month I will be bundling all the checks together.

Day 2 scan_table_check_2f7fbec32fb651107caa93acf699b6c7.xml