Day 3: DDIS Require file extensions restriction

Scan Check Type: Table Check [sys_properties]

As part of instance hardening, ServiceNow recommends to set the property glide.attachment.extensions to restrict available attachment types.

This scan was developed using a table check with condition to identify the specific property and check it’s value. Since this property exists OOB, it doesn’t do a negative check to verify it doesn’t exist also. This scan check is also found within ServiceNow’s Health Scan product. It is also linked in the ServiceNow Docs site as best practice, https://docs.servicenow.com/en-US/bundle/tokyo-platform-administration/page/administer/security/reference/restrict-file-extensions.html

Download and import the XML to check it out in your instance! At the end of the month I will be bundling all the checks together.

Day 3 scan_table_check_49a99a882f4f15107caa93acf699b673.xml