Closed VITs are reopening with Different CI From Tenable

Siva P
Tera Expert

‎02-11-2025 10:32 PM

Hi Experts,

We are facing an issue with VITs are re-opened with Different CI (Retired/stale CI) from Tenable.

Need inputs on how to fix this.

Thanks in advance.

0 Helpfuls
  • 413 Views
2 REPLIES 2

joe_harvey
ServiceNow Employee
ServiceNow Employee

‎02-12-2025 04:29 PM

Hi Siva,

Without a lot of details, I would review CI Lookup rules.
 
Best guess: After the Vulnerable Item is closed, Tenable is finding the same vulnerability on a different host. CI Lookup rules may be incorrectly identifying the CI on the original VI. When VR sees the same vulnerability on the same CI, the original VI is reopened.

To verify this, take a look at all of the Discovered Item records associated with the CI. Compare the Source data [source_data] values between them and verify whether or not the CI should have been identified for them.
 
I hope that this helps,
--Joe

Siva P
Tera Expert
In response to joe_harvey

‎02-13-2025 07:48 PM

Hi Joe,

 

Thanks for your response. I will check source  details you mentioned.

0 Helpfuls