CI getting created in classes other than Incomp IP identified device, Unclassed H/w and Unmatched CI

Go to solution
Maloy Banerjee1
Tera Expert

‎12-11-2023 06:42 AM

Hi All,

 

I have a situation where I see CIs getting created in classes other than Incomplete IP identified device, Unclassed Hardware, and Unmatched CI.

My client's requirement is, that the integration should only pick existing CIs from ServiceNow CMDB and no new CIs should be created in any other classes apart from Incomplete IP identified device, Unclassed Hardware, and Unmatched CI.

In my case CIs are getting created in IP address and Network Adaptor class.

Is there any way to stop this?

* Note: I am running only 2 scheduled jobs - Tenable.sc Fixed Vulnerabilities Integration and Tenable.sc Open Vulnerabilities Integration

 

MaloyBanerjee1_0-1702305475760.png

 

Regards,

Maloy Banerjee

0 Helpfuls
  • 1,257 Views
1 ACCEPTED SOLUTION

Go to solution
Maloy Banerjee1
Tera Expert
In response to Aaron Molenaar

‎12-16-2023 05:14 AM

Thanks for your reply. I got the answer from the below link.

https://docs.servicenow.com/bundle/sandiego-security-management/page/product/vulnerability-response/...

If the MAC address is available, the network adapter entry is created and related to the unclassed hardware CI. If both the IP and MAC addresses are available, the IP address CI is also created and related to the unclassed hardware CI.

View solution in original post

6 REPLIES 6

Go to solution
Liju John1
Mega Guru

‎12-11-2023 10:49 AM - edited ‎12-13-2023 09:06 AM

I had the similar issue for Tenable.IO!!

  • Update the CMDB CI -> Lookup Rules : Deactivate the Mac-address CI Matching Rule.
  • Clean up the Discover Item table entries with source is Tenable.SC
  • Update Tenable.SC Asset Transform Target Table with Computer Table.
  • Add empty the Mac-Address values for TenableSC Asset Import processor script and transform map onBefore script for not updating the mac-address from Tenable.SC.
  • I'm not using Tenable ServiceGraph connector so it will not create any entry in Incomplete IP address table after the Discover Item table cleanup

 

Update TenableSCVulnerabilitiesProcessor 

 

LijuJohn1_0-1702319249024.png

 

Update Tenable.sc Asset Transform-> onBefore script

 

LijuJohn1_1-1702319839878.png

 

 

 

 

Go to solution
Maloy Banerjee1
Tera Expert
In response to Liju John1

‎12-15-2023 06:08 AM

Hi @Liju John1 ,

 

I am not running the Tenable.sc Fixed Asset Integration and Tenable.sc Open Asset Integration jobs. I am only running Tenable.sc Fixed Vulnerabilities Integration and Tenable.sc Open Vulnerabilities Integration jobs.

So, will there still be any need for updating the On-before Transform Map - Tenable.sc Asset Transform? Does this Transform map automatically work in the background?

 

 

Regards,

Maloy

 

0 Helpfuls

Go to solution
Liju John1
Mega Guru
In response to Maloy Banerjee1

‎12-15-2023 11:20 AM

yes, you don't have to update the transform map then.

0 Helpfuls

Go to solution
Maloy Banerjee1
Tera Expert
In response to Liju John1

‎12-16-2023 05:21 AM - edited ‎12-16-2023 05:23 AM

Unfortunately, deactivating the MAC Address CI lookup rule created another problem for me. There were Vulnerable items created with empty CIs. I am not sure if the reason for VITs created with empty CIs is due to deactivating the MAC Address CI lookup rule but unfortunately, the solution provided by you didn't help me.

 

But I found a solution from the below link which says, If the MAC address is available, the network adapter entry is created and related to the unclassed hardware CI. If both the IP and MAC addresses are available, the IP address CI is also created and related to the unclassed hardware CI.

 

https://docs.servicenow.com/bundle/sandiego-security-management/page/product/vulnerability-response/...

0 Helpfuls