CI getting created in classes other than Incomp IP identified device, Unclassed H/w and Unmatched CI

Maloy Banerjee1
Tera Expert

Hi All,

I have a situation where I see CIs getting created in classes other than Incomplete IP identified device, Unclassed Hardware, and Unmatched CI.

My client's requirement is that the integration should only pick existing CIs from ServiceNow CMDB and no new CIs should be created in any other classes apart from Incomplete IP identified device, Unclassed Hardware, and Unmatched CI.

In my case CIs are getting created in IP address and Network Adaptor class.

Is there any way to stop this?

* Note: I am running only 2 scheduled jobs - Tenable.sc Fixed Vulnerabilities Integration and Tenable.sc Open Vulnerabilities Integration

Regards,

Maloy Banerjee

1 ACCEPTED SOLUTION

Thanks for your reply. I got the answer from the below link.

https://docs.servicenow.com/bundle/sandiego-security-management/page/product/vulnerability-response/...

If the MAC address is available, the network adapter entry is created and related to the unclassed hardware CI. If both the IP and MAC addresses are available, the IP address CI is also created and related to the unclassed hardware CI.

6 REPLIES

Liju John1
Mega Guru

I had a similar issue for Tenable.IO!!

  • Update the CMDB CI -> Lookup Rules: deactivate the Mac-address CI Matching Rule.
  • Clean up the Discover Item table entries where the source is Tenable.SC.
  • Update the Tenable.SC Asset Transform Target Table with the Computer Table.
  • Empty the MAC address values in the TenableSC Asset Import processor script and the transform map onBefore script, so that the MAC address is not updated from Tenable.SC.
  • I'm not using the Tenable ServiceGraph connector, so it will not create any entry in the Incomplete IP address table after the Discover Item table cleanup.

Update TenableSCVulnerabilitiesProcessor

Update Tenable.sc Asset Transform -> onBefore script

Hi @Liju John1,

I am not running the Tenable.sc Fixed Asset Integration and Tenable.sc Open Asset Integration jobs. I am only running Tenable.sc Fixed Vulnerabilities Integration and Tenable.sc Open Vulnerabilities Integration jobs.

So, will there still be any need for updating the On-before Transform Map - Tenable.sc Asset Transform? Does this Transform map automatically work in the background?

Regards,

Maloy

Yes, you don't have to update the transform map then.

Unfortunately, deactivating the MAC Address CI lookup rule created another problem for me. There were Vulnerable items created with empty CIs. I am not sure if the reason for VITs being created with empty CIs is the deactivation of the MAC Address CI lookup rule, but unfortunately, the solution provided by you didn't help me.

But I found a solution from the below link, which says: if the MAC address is available, the network adapter entry is created and related to the unclassed hardware CI. If both the IP and MAC addresses are available, the IP address CI is also created and related to the unclassed hardware CI.

https://docs.servicenow.com/bundle/sandiego-security-management/page/product/vulnerability-response/...