Discovery Patterns
Discovery patterns enable Tripl-i to automatically identify and classify specialized infrastructure, applications, and services during network scans. When raw discovery data is collected, the pattern engine analyzes processes, ports, files, and network behavior to determine what each system is running and how it should be categorized in the CMDB.
How Pattern Matching Works
During a discovery scan, Tripl-i collects information about each system — running processes, open ports, installed software, and file structures. The pattern engine then compares this information against a library of known patterns to identify what's running on each system.
For example, if a server has port 1521 open, an Oracle process running, and an /etc/oratab file present, the pattern engine identifies it as an Oracle Database server with high confidence. The system then classifies the CI appropriately, extracts relevant metadata (such as the database version), and creates the correct relationships.
Pattern Evaluation
Each pattern defines a set of detection criteria. When evaluating a system, the pattern engine:
- Checks detection criteria — Looks for matching processes, ports, files, or network behavior
- Calculates confidence — Based on how many criteria matched and their weight
- Applies classification — If confidence exceeds the threshold, the system is classified accordingly
- Extracts metadata — Relevant details like version numbers, cluster membership, or configuration are captured
- Creates relationships — Dependencies and connections are mapped automatically
Patterns can require all criteria to match or just a minimum number, depending on the pattern configuration.
Built-In Patterns
Tripl-i includes a library of pre-configured patterns for common infrastructure components.
Operating Systems
| Pattern | What It Detects |
|---|---|
| Windows Server | Server editions of Windows, domain controller roles, server hardware models |
| Linux Distribution | Ubuntu, RHEL, CentOS, Debian, SUSE — including version identification |
| Container OS | Container-optimized operating systems and container runtimes |
Databases
| Pattern | What It Detects |
|---|---|
| Oracle Database | Oracle instances, RAC clusters, Data Guard configurations |
| SQL Server | SQL Server instances, Always On availability groups, editions |
| PostgreSQL | PostgreSQL instances, streaming replication, primary/replica roles |
| MongoDB | MongoDB instances, replica sets, sharded clusters |
| MySQL/MariaDB | MySQL and MariaDB instances, replication topology |
Web & Application Servers
| Pattern | What It Detects |
|---|---|
| Apache HTTP Server | Apache instances, virtual hosts, modules |
| Nginx | Nginx instances, reverse proxy configurations |
| IIS | Internet Information Services, application pools |
| Apache Tomcat | Tomcat instances, deployed applications |
Enterprise Applications
| Pattern | What It Detects |
|---|---|
| SAP Systems | SAP instances, system IDs, instance types |
| Microsoft Exchange | Exchange servers, roles, mailbox databases |
| Active Directory | Domain controllers, forest/domain structure, FSMO roles |
| SharePoint | SharePoint farm servers, service applications |
Infrastructure Services
| Pattern | What It Detects |
|---|---|
| Kubernetes | Nodes, control plane components, worker roles |
| Docker | Docker hosts, container counts, runtime versions |
| VMware | ESXi hosts, vCenter connections, cluster membership |
| DNS Servers | DNS services, zone configurations |
| DHCP Servers | DHCP services, scope configurations |
Cloud Services
| Pattern | What It Detects |
|---|---|
| AWS Services | EC2 metadata, service types, resource identification |
| Azure Resources | Azure VM metadata, resource groups, subscriptions |
Pattern Confidence Scoring
Each pattern match receives a confidence score based on how well the system's characteristics match the pattern criteria.
| Confidence Level | Score Range | Meaning |
|---|---|---|
| High | 85-100% | Strong match — multiple criteria confirmed |
| Medium | 60-84% | Likely match — some criteria confirmed |
| Low | Below 60% | Possible match — limited evidence |
Systems with high confidence are classified automatically. Lower confidence matches may be flagged for review.
How Patterns Improve Your CMDB
Accurate Classification
Without patterns, a server running Oracle might simply appear as a "Linux Server." With patterns, it's properly identified as an "Oracle Database Server" with its version, instance name, and role captured.
Automatic Relationship Discovery
Patterns understand common application architectures. When a web application stack is detected (load balancer, web servers, application servers, databases), the pattern engine creates the appropriate dependency relationships between components.
Richer Metadata
Patterns extract application-specific details that standard discovery doesn't capture — database versions, cluster membership, replication roles, and configuration specifics.
Consistent Categorization
Built-in patterns ensure that the same type of system is always classified the same way, regardless of where it's discovered or who runs the scan.
Managing Patterns
Viewing Active Patterns
Navigate to Settings > Discovery Patterns to see the patterns currently active in your environment. Each pattern shows:
- Name — What the pattern identifies
- Category — Application, infrastructure, database, etc.
- Priority — Order in which patterns are evaluated
- Match Count — How many CIs have been matched by this pattern
- Status — Active or disabled
Enabling and Disabling Patterns
You can enable or disable patterns based on your infrastructure. If you don't run Oracle databases, disabling Oracle patterns reduces processing time during scans.
Pattern Priority
When multiple patterns could match the same system, priority determines which one takes precedence. Higher-priority patterns are evaluated first. This is useful when you have both generic and specific patterns — for example, a generic "Database Server" pattern and a specific "Oracle RAC Cluster" pattern.
Best Practices
Start with Built-In Patterns
The built-in pattern library covers the most common infrastructure. Enable patterns that match your environment and disable those you don't need.
Review Low-Confidence Matches
Periodically review CIs that were matched with lower confidence scores. These might need manual verification or could indicate that a pattern needs adjustment.
Keep Patterns Updated
As your infrastructure evolves, review your active patterns to ensure they still accurately reflect your environment. New application versions or infrastructure changes may affect pattern matching.
Monitor Pattern Performance
Check the match counts for your active patterns. Patterns with zero matches over an extended period can be disabled to improve scan processing performance.
Related Topics
- Scheduling — Configure discovery scan schedules
- Troubleshooting — Common discovery issues and solutions