Overview
Host Import Maps determine how and what scanner asset data is mapped to a target table and the target fields. This article is intended to help you understand how and when to utilize Host Import Maps.
Background
When asset data is ingested from a third-party vulnerability scanner and an existing CMDB CI match cannot be determined and there is not an existing Discovered Item that matches the source ID, Vulnerability Response (VR) will create a new CMDB CI. This Unmatched CI will be created in one of the following classes:
- Unclassed Hardware
- Unmatched CI
- Cloud resource
This new Unmatched CI can then be used in future CI reconciliation efforts and can be reclassified either manually or through ServiceNow Discovery and the Identification and Reconciliation Engine (IRE). The main component that determines how IRE is to find existing matches within the CMDB is by use of the CMDB Identification Rules. These rules are designated sets of criterion attribute values of a CI, that can be used to uniquely identify the CI. Unique attributes can be from the same table or from derived tables. The main identification rule used in IRE for Unmatched CIs is Hardware. One of the main identifier entries used in the Hardware rule is Name. If there are inconsistencies with the discovered/VR “Name” value a match will not be found. For example:
- Unmatched CI name was created with a domain name i.e., serverA.example.com
- Discovery found a Linux server with the host name serverA
Based on the identifier entry for ‘Name’ the Unmatched CI will not match based on the name. Host Import Maps not only define the mapping of source fields they allow you to run logic to sanitize or normalize the incoming values. The main elements of a Host Import Map:
How to solve the issue
- Analyze your current Discovered Item data to determine why domain names are being included in your Unmatched CI name.
Based on your analysis above we will need to adjust the following maps:
- Go to the ‘sn_sec_cmn_src_cmdb_map’ table
- Filter the mapping records by Source and Target Table and Target Field.
For each of the maps that need to be adjusted, open each mapping and select the “Use Script”. A Script field will appear with an example of the expected logic. Adjust the script to match what the data is within your discovered item.
You can then run your asset import and the Unmatched CIs will be created with just a host name.
**Note: This will only work for new assets. If you have existing data that has a name issue you will need to delete your existing data that references a CI with a domain name and re-run the integration to bring back in the assets
