CI record is wrongly mapped in Vulnerable Item record
3 hours ago
Hi Team, in the Vulnerable Item record the configuration item is wrongly mapped; it is of the IP switch class. It should actually be mapped to the CI (Server class) in the detection record against the same VITs.
2 hours ago
@Prathmeshda, I get that there may be an issue with CMDB records, but in this case the CMDB records are updated. The discovered item records are also wrongly mapped compared to the detection records against the VIT record. I believe the mismatched value in the discovered item record causes the CI mismatch in the VIT.
The CI in the detection record does not match the discovered item record; that is why the issue happened. Can anyone suggest any troubleshooting steps to fix this issue?
2 hours ago
@PurushothKumar
Troubleshooting Steps
Step 1: Review the Discovered Item and Detection Records
1. Review the Vulnerable Item (VIT) with the problem: Open the VIT record and identify the CI associated with it.
2. Review the Discovered Item vs. Detection: Open the Detection record related to the Discovered Item. Compare all host-related fields (IP Address, Hostname) between the Detection record and the CI the Discovered Item should have matched (the Server CI).
• Check for any differences, no matter how small (case sensitivity, extra spaces, domain suffixes).
• Verify the CI matching rule field on the Discovered Item to determine which rule was used (or attempted to use) to match the CI.
Step 2: Review and Adjust CI Lookup Rules for Vulnerability Response
2. Understand Rule Order and Criteria: Rules are evaluated in order. A less specific rule higher up in the order may incorrectly match items. Examine the rules that would probably apply to your servers and IP switches.
• Unique Identifiers First: Make sure that your server rules are adjusted to prioritize unique fields such as Serial Number, BIOS UUID, or Hostname and Domain together, rather than IP Address alone.
• Increase Specificity: If a rule is IP-based, add additional criteria to limit it to servers. This might look like: "Match IP Address AND OS contains 'Windows' or 'Linux' AND CI Class is cmdb_ci_server."
• Test rule changes: After adjusting your rules, it is important to test them. ServiceNow provides the ability to reapply CI matching rules to Discovered Items.
If this response proves useful, please mark it as Accept as Solution and Helpful.
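A simplified model of the rule-order problem described in the reply above, added here as an example (it is not ServiceNow code and not part of the original reply). The CMDB rows, the detection host, the rule objects and their field names are constructed for illustration; it shows an IP-only rule placed first picking the switch, and a reordered, class-restricted rule set picking the server.

```javascript
// Simplified model of ordered CI lookup rules (constructed data, hypothetical rule shape).
const cmdb = [
  { name: 'core-sw-01', sys_class_name: 'cmdb_ci_ip_switch', ip_address: '10.0.5.20', fqdn: '' },
  { name: 'app-srv-01', sys_class_name: 'cmdb_ci_server', ip_address: '10.0.5.20', fqdn: 'app-srv-01.corp.example' },
];

// Constructed scanner output for the host: note case, trailing space and trailing dot.
const detection = { ip_address: '10.0.5.20', fqdn: 'APP-SRV-01.corp.example. ' };

// Normalise host strings so case, whitespace and a trailing dot do not defeat a match.
function norm(value) {
  return String(value || '').trim().toLowerCase().replace(/\.$/, '');
}

// Rules are tried in ascending order; the first rule that finds a CI wins.
function matchCi(host, rules, cis) {
  for (const rule of [...rules].sort((a, b) => a.order - b.order)) {
    const hit = cis.find((ci) =>
      (!rule.ciClass || ci.sys_class_name === rule.ciClass) &&
      rule.fields.every((f) => norm(host[f]) !== '' && norm(host[f]) === norm(ci[f])));
    if (hit) return { rule: rule.name, ci: hit.name, ciClass: hit.sys_class_name };
  }
  return null; // no rule matched: the item stays unmatched
}

// Before: a broad IP-only rule sits above the more specific one.
const rulesBefore = [
  { order: 100, name: 'IP only', fields: ['ip_address'] },
  { order: 200, name: 'FQDN + IP', fields: ['fqdn', 'ip_address'] },
];

// After: unique identifiers first, and the IP rule restricted to servers.
const rulesAfter = [
  { order: 100, name: 'FQDN + IP', fields: ['fqdn', 'ip_address'] },
  { order: 200, name: 'IP, servers only', fields: ['ip_address'], ciClass: 'cmdb_ci_server' },
];

console.log('before:', matchCi(detection, rulesBefore, cmdb));
console.log('after: ', matchCi(detection, rulesAfter, cmdb));
```
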
