- Post History
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
02-07-2023 10:33 AM - edited 02-07-2023 10:42 AM
There's a feature in Vulnerability Response that was released in V18.0 where you can reapply CI Matching Rules after the Source Data is updated on a Discovered Item. What this means is that when your vulnerability scanner gives new Source Data, it can be configured to rerun the CI Matching Rules overnight. If there is enough new information in that Source Data to match a CI in your CMDB, it will match through our normal process and make the subsequent changes within Vulnerability Response.
The case where this is most appropriate is when the scanner initially completes an unauthenticated scan and returns insufficient data for a match within the CMDB. When a subsequent full or agent scan happens that will provide additional information, we can use this process to look into the CMDB for a proper match.
To use this process, the system admin will need to enable the scheduled job called "Re-apply CI Lookup Rules on the Changed Discovered items." By default it's inactive. It's preferred to run this as a nightly process and would be best if it's schedule doesn't coincide with the scanner integration processes.
- 2,937 Views


- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Some more recommended resources to help you with CI Matching:
----------------------------
- CI Matching - How to do it right. (20 min video tutorial) and downloadable slides by Andy Ohja and Eric Feron - Video tutorial and slides, Mar 2020.
- The more you know - SecOps and CMDB Interactions (Video) by Andy Ohja and Denny Ng - Video, Jan 2023.
- ServiceNow Vulnerability Response CI Matching Tuning by John Gibbons - Full article, Mar 2022.
- Recommended practices for CI Matching success (Customers only: deep-dive webinar) Jan. 25-26, 2023 by Elizabeth Skogquist and John Gibbons - Recording of the Product Success webinar, Jan 2023.
- Reapplying CI Matching Rules to Discovered Items after Source Data is updated by Dan Daugherty - Full article, Feb 2023.
-----------------------------
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
@Dan Daugherty would it be best to schedule this job to run before or after your scanner integrations? I can see the benefit of either, but want your opinion.