- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-11-2023 06:42 AM
Hi All,
I have a situation where I see CIs getting created in classes other than Incomplete IP identified device, Unclassed Hardware, and Unmatched CI.
My client's requirement is, that the integration should only pick existing CIs from ServiceNow CMDB and no new CIs should be created in any other classes apart from Incomplete IP identified device, Unclassed Hardware, and Unmatched CI.
In my case CIs are getting created in IP address and Network Adaptor class.
Is there any way to stop this?
* Note: I am running only 2 scheduled jobs - Tenable.sc Fixed Vulnerabilities Integration and Tenable.sc Open Vulnerabilities Integration
Regards,
Maloy Banerjee
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-16-2023 05:14 AM
Thanks for your reply. I got the answer from the below link.
https://docs.servicenow.com/bundle/sandiego-security-management/page/product/vulnerability-response/...
If the MAC address is available, the network adapter entry is created and related to the unclassed hardware CI. If both the IP and MAC addresses are available, the IP address CI is also created and related to the unclassed hardware CI.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-11-2023 10:49 AM - edited 12-13-2023 09:06 AM
I had the similar issue for Tenable.IO!!
- Update the CMDB CI -> Lookup Rules : Deactivate the Mac-address CI Matching Rule.
- Clean up the Discover Item table entries with source is Tenable.SC
- Update Tenable.SC Asset Transform Target Table with Computer Table.
- Add empty the Mac-Address values for TenableSC Asset Import processor script and transform map onBefore script for not updating the mac-address from Tenable.SC.
- I'm not using Tenable ServiceGraph connector so it will not create any entry in Incomplete IP address table after the Discover Item table cleanup
Update TenableSCVulnerabilitiesProcessor
Update Tenable.sc Asset Transform-> onBefore script
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-15-2023 06:08 AM
Hi @Liju John1 ,
I am not running the Tenable.sc Fixed Asset Integration and Tenable.sc Open Asset Integration jobs. I am only running Tenable.sc Fixed Vulnerabilities Integration and Tenable.sc Open Vulnerabilities Integration jobs.
So, will there still be any need for updating the On-before Transform Map - Tenable.sc Asset Transform? Does this Transform map automatically work in the background?
Regards,
Maloy

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-15-2023 11:20 AM
yes, you don't have to update the transform map then.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-16-2023 05:21 AM - edited 12-16-2023 05:23 AM
Unfortunately, deactivating the MAC Address CI lookup rule created another problem for me. There were Vulnerable items created with empty CIs. I am not sure if the reason for VITs created with empty CIs is due to deactivating the MAC Address CI lookup rule but unfortunately, the solution provided by you didn't help me.
But I found a solution from the below link which says, If the MAC address is available, the network adapter entry is created and related to the unclassed hardware CI. If both the IP and MAC addresses are available, the IP address CI is also created and related to the unclassed hardware CI.