The Zurich release has arrived! Interested in new features and functionalities? Click here for more

Multisource - Duplicate Network Adapter on CI in spite of Identification rule

JvS001
Tera Contributor

‎07-23-2025 04:40 AM

When I load CI information from the ACC and on top of that data from Defender Service Graph Connector for Defender Endpoint, additional information for my Computer CI is added to the Network Adapters related table. The problem I have is that a new MAC address is added to the CI (coming from SGC Defender)  although this MAC address already exists. In spite of the Identification rule on the [cmdb_ci_network_adapter] table to Identify an entry based on the MAC address. How can I prevent such a duplicate on my CI? Or, why is the Identification rule not executing?

Preview file
171 KB
Preview file
176 KB
Preview file
86 KB
0 Helpfuls
  • 613 Views
3 REPLIES 3

AJ-TechTrek
Giga Sage
Giga Sage

‎07-23-2025 06:56 AM

Hi @JvS001 ,

 

As per my understanding the Problem recap is - 


 

When loading CI data from ACC and then overlaying data from the Service Graph Connector (SGC) for Defender, you’re getting duplicate entries in the [cmdb_ci_network_adapter] table.
Specifically, duplicate MAC addresses—even though you have an Identification Rule that should use the MAC address to avoid this.

 

Why this happens:


1. Multiple data sources / transform maps:
* If both ACC and SGC Defender are configured to insert network adapter records instead of update, this may bypass the identification process.


2. Transform map setup:
* If the Transform Map(s) for SGC Defender are set with coalesce = false, it will insert new records rather than updating existing ones, even if the MAC address matches.


3. Identification Rule not triggered:
* The Identification Rule only triggers when:
* You use the Identification and Reconciliation Engine (IRE).
* Or, you configure the transform to explicitly call CMDBTransformUtil / IRE.
* If data is loaded directly into the target table without using IRE, the rule won’t execute.

 

Solution -
Step 1: Verify Transform Maps and Coalesce
* Go to: System Import Sets → Administration → Transform Maps.
* Find the transform map(s) for SGC Defender data load.
* Check:
* Coalesce field should be set on the mac_address column.
* Or, instead of coalescing, configure the transform map to use IRE.

 

Step 2: Use IRE properly
* If you aren’t yet, change the process to send data to the Staging tables, then use the Identification and Reconciliation Engine (IRE) to load into the CMDB.
* IRE uses the Identification Rules on cmdb_ci_network_adapter to de-duplicate based on MAC address.

 

Step 3: Check Identification Rule
* Navigate to Identification Rules → find the rule for cmdb_ci_network_adapter.
* Confirm:
* The MAC address is listed as a required identifier.
* Rule is active.
* Make sure there are no conflicting rules that might cause unexpected inserts.

 

Step 4: Review Data Quality
* Confirm that the MAC address coming from ACC and from SGC Defender are:
* In the same format (e.g., uppercase, colon-separated).
* Sometimes small differences in formatting cause the rule to not match.

 

Step 5: Implement Reconciliation Rule (Optional)
* If there are overlapping attributes (like IP address, etc.), consider a Reconciliation Rule to decide which source has priority

 

Please appreciate the efforts of community contributors by marking appropriate response as Mark my Answer Helpful or Accept Solution this may help other community users to follow correct solution in future.
 
Thank You
AJ - TechTrek with AJ
LinkedIn:- https://www.linkedin.com/in/ajay-kumar-66a91385/
YouTube:- https://www.youtube.com/@learnitomwithaj
ServiceNow Community MVP 2025

0 Helpfuls

cassieb_
Giga Guru

‎07-25-2025 09:16 AM

What are the reconciliation rues? Clearly the record coming fails criteria for the first identification rule.

 

0 Helpfuls

srinija_itom
Tera Guru

‎07-26-2025 11:16 AM - edited ‎07-26-2025 11:20 AM

Hi @JvS001 , 

 

Please try Creating an IRE data source rule this should fix your problem of duplicates.  Navigate to cmdb_ire_data_source_rule.do table  and create new rule of network adapter table where data source is SGC  Defender.

 

For example as shown in the below  screenshot.

 

srinija_itom_0-1753553990186.png

 

 

When using Identification and Reconciliation Engine (IRE), you can prevent a specific discovery (data) source from inserting new CIs for a specific class. Create IRE data source rules for discovery sources that you don't trust in creating CIs but continue to trust in updating those CIs that exist.

 

Here is the link to the documentation.

 

https://www.servicenow.com/docs/csh?topicname=create-ire-data-source-rule.html&version=latest

If the above info is helpful, please accept the solution or mark the solution as helpful.

 

Regards, 

 

Srinija

0 Helpfuls