We have several vulnerability detections from Tanium that show to be on a Windows device in Tanium that when ingested into ServiceNow, are getting matched to a Linux device. The CI lookup rule for IP Address is matching, however it would also be a match to this same CI based on Serial Number, Name and FQDN. Also, this CI is being classified as a Linux server based on Discovery. We have also ruled out the possibility that this device was reimaged from a Linux to Windows OS. What could be the cause for the discrepancy between what Tanium is showing (and sending over) and what ServiceNow Discovery shows this device to be? Has anyone seen or experienced this and was able to find the cause/fix?
