Dan Daugherty
ServiceNow Employee

There's a feature in Vulnerability Response that was released in V18.0 where you can reapply CI Matching Rules after the Source Data is updated on a Discovered Item. What this means is that when your vulnerability scanner gives new Source Data, it can be configured to rerun the CI Matching Rules overnight. If there is enough new information in that Source Data to match a CI in your CMDB, it will match through our normal process and make the subsequent changes within Vulnerability Response.

The case where this is most appropriate is when the scanner initially completes an unauthenticated scan and returns insufficient data for a match within the CMDB. When a subsequent full or agent scan provides additional information, we can use this process to look into the CMDB for a proper match.

To use this process, the system admin will need to enable the scheduled job called "Re-apply CI Lookup Rules on the Changed Discovered items." By default it's inactive. It's preferred to run this as a nightly process, and it would be best if its schedule doesn't coincide with the scanner integration processes.

Comments
Eric Feron
Moderator

Some more recommended resources to help you with CI Matching:


Martin Dewit
Kilo Sage

@Dan Daugherty would it be best to schedule this job to run before or after your scanner integrations? I can see the benefit of either, but want your opinion.

Last update: 02-07-2023 10:42 AM