Discovered Item Record Not Being Created

Go to solution
Ronald Merlino
Tera Expert

‎05-24-2022 06:04 AM

It is my understanding that through the CI lookup process if a CI is not found in the CMDB an unmatched or unclassified is created in the sec_cmn_unmatched_ci or cmdb_ci_unclassed_hardware tables respectively and then a Discovered Item record is created to associate vulnerabilities to those CIs.   What we are seeing is that the unmatched or unclassified records are being created but no corresponding Discovered Item record.  

0 Helpfuls
  • 1,060 Views
1 ACCEPTED SOLUTION

Go to solution
Ronald Merlino
Tera Expert

‎05-26-2022 08:33 AM


-After further investigation, we found that there is a custom Query business rule on cmdb_ci table
https://kpdev.service-now.com/nav_to.do?uri=sys_script.do?sys_id=e10b0b9a1ba181101a6011761a4bcb64
which excludes data from certain tables to be returned.

-These tables are defined in the "kp.vr_cc.cmdb.excluded_tables" property currently having value as sn_sec_cmn_unmatched_ci,cmdb_ci_incomplete_ip,cmdb_ci_unclassed_hardware
https://kpdev.service-now.com/nav_to.do?uri=sys_properties.do?sys_id=0731216997d5495414653e0e6253af7f

-Due to this, during import host processing of ingested records, even though the entries were being added in the unmatched_ci table, we were not able to see any records being added in the discovered items table.

View solution in original post

0 Helpfuls
7 REPLIES 7

Go to solution
Chris McDevitt
ServiceNow Employee
ServiceNow Employee

‎05-24-2022 11:32 AM

Hi,

Under Vulnerable Item, add the Discovered Item field to the List view. What is there?

find_real_file.png

Preview file
65 KB
0 Helpfuls

Go to solution
Ronald Merlino
Tera Expert
In response to Chris McDevitt

‎05-24-2022 12:35 PM

Clarification.  

I would expect entries in the Discovered item table for both matched and unmatched CI.  But I am only seeing match entries.  When I .list the sec_cmn_unmatched_ci and  cmdb_ci_unclassed_hardware tables I have entries in these table.  I would expect a corresponding entry in the Discovered Item for the unmatch and unclassified entries in the sec_cmn_unmatched_ci and cmdb_ci_unclassed_hardware table.    

0 Helpfuls

Go to solution
Chris McDevitt
ServiceNow Employee
ServiceNow Employee
In response to Ronald Merlino

‎05-24-2022 12:57 PM

You have zero Unmatched Discovered Items?

find_real_file.png

Preview file
41 KB
0 Helpfuls

Go to solution
Ronald Merlino
Tera Expert
In response to Ronald Merlino

‎05-24-2022 12:59 PM

Also when I added Discovered Item to the VIT view, I then groups by on Discovered Items and have VIT with empty Discovered Items. 

 

find_real_file.png

Preview file
20 KB
0 Helpfuls