- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-24-2022 06:04 AM
It is my understanding that through the CI lookup process if a CI is not found in the CMDB an unmatched or unclassified is created in the sec_cmn_unmatched_ci or cmdb_ci_unclassed_hardware tables respectively and then a Discovered Item record is created to associate vulnerabilities to those CIs. What we are seeing is that the unmatched or unclassified records are being created but no corresponding Discovered Item record.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-26-2022 08:33 AM
-After further investigation, we found that there is a custom Query business rule on cmdb_ci table
https://kpdev.service-now.com/nav_to.do?uri=sys_script.do?sys_id=e10b0b9a1ba181101a6011761a4bcb64
which excludes data from certain tables to be returned.
-These tables are defined in the "kp.vr_cc.cmdb.excluded_tables" property currently having value as sn_sec_cmn_unmatched_ci,cmdb_ci_incomplete_ip,cmdb_ci_unclassed_hardware
https://kpdev.service-now.com/nav_to.do?uri=sys_properties.do?sys_id=0731216997d5495414653e0e6253af7f
-Due to this, during import host processing of ingested records, even though the entries were being added in the unmatched_ci table, we were not able to see any records being added in the discovered items table.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-24-2022 01:00 PM
Yes zero unmatched items.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-24-2022 01:42 PM
Mhhh...
Are you using OOB CI Lookup Rules? Did you modify the CI Ignore list?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-26-2022 08:33 AM
-After further investigation, we found that there is a custom Query business rule on cmdb_ci table
https://kpdev.service-now.com/nav_to.do?uri=sys_script.do?sys_id=e10b0b9a1ba181101a6011761a4bcb64
which excludes data from certain tables to be returned.
-These tables are defined in the "kp.vr_cc.cmdb.excluded_tables" property currently having value as sn_sec_cmn_unmatched_ci,cmdb_ci_incomplete_ip,cmdb_ci_unclassed_hardware
https://kpdev.service-now.com/nav_to.do?uri=sys_properties.do?sys_id=0731216997d5495414653e0e6253af7f
-Due to this, during import host processing of ingested records, even though the entries were being added in the unmatched_ci table, we were not able to see any records being added in the discovered items table.
