Hi Jordan,
Your questions is addressed by creating a reconciliation rules and also creating CI Lookup rules (once you create or modify exiting one make sure you re-apply the rule).
Here is example of report you will get once you re-apply the CI Lookup rules:
xx - Total Discovered items processed
xx - Updated Discovered items
xx - Unchanged Discovered items
xx - Discovered items could not be processed due to Exception
xx - Discovered items updated with CI
xx - Discovered items updated with Lookup Rules
xx - Newly created CIs.
When you create CI Lookup rules make sure understanding the following 5 points. The CI Lookup Rules define how the asset data from your third-party sources will be used to identify Configuration Items in the CMDB using the following fields:
- • Name – name of the rule
- • Order - order in which this rule should be evaluated relative to other rules
- • Lookup method – the method used for matching which is either a pre-built script (IP Address, DNS name, etc.), custom script, or selecting a table and field in the CMDB
- • Active – flag that indicates whether the rule is active or disabled
- • Source and Source field – the source and specific source field that is being used as input to this rule
Here is an example of CI Lookup rule you can find in the base system and pay closer attention to the commented lines to understand what really going on in the code:
// _queryMatch function checks if the query returns 0, 1 or more than 1 CI.
// it returns:
// null: if no CI found
// ci record: if a unique CI was found
// the first CI record found: if more than 1 CI was found and log a duplicate error message
// To avoid specific CI classes ,add the class names, comma separated, to the property sn_sec_cmn.ignoreCIClass
(function process(rule, sourceValue, sourcePayload) {
var sourceField = {};
var ignore = global.SecProperty.getProperty("sn_sec_cmn.ignoreCIClass", "");
sourceField[rule.source_field] = sourceValue;
var cmdbci = new GlideRecord("cmdb_ci");
cmdbci.addQuery("name", "IN", sourceValue);
if (!gs.nil(ignore))
cmdbci.addQuery('sys_class_name','NOT IN', ignore);
cmdbci.query();
cmdbci = _queryMatch(cmdbci, rule, sourceField);
if (cmdbci)
return cmdbci.getUniqueValue();
return null;
})(rule, sourceValue, sourcePayload);Also create a reconciliation rules that specify which discovery sources can update class attributes, and the precedence order among your discovery sources like the scanners. Ensure that there is a reconciliation rule for each discovery source that is authorized to update an attribute. Reconciliation rules can be defined at the parent and the child class level.
Discovery sources, such as EventManagement, ImportSet, ManualEntry, and Tivoli, are used with the createOrUpdateCI() API to simulate manual updates to CIs. Without reconciliation rules, discovery sources are allowed to overwrite each other's updates to attribute values.
For example, you might have the following reconciliation rules. The rules are created for the cmdb_ci_computer class and one of its child classes, the cmdb_ci_linux_server class. The rules specify the following:
- Discovery is exclusively authorized to update the name attribute in the cmdb_ci_computer class.
Because reconciliation rules are derived by child classes from parent classes, this rule also authorizes Discovery to update the name attribute in any child classes for the cmdb_ci_computer class.
- ServiceWatch is exclusively authorized to update the name attribute in the cmdb_ci_linux_server class.
- ServiceWatch is exclusively authorized to update all attributes in the cmdb_ci_linux_server class, as configured by leaving the Attributes field empty in the rule.
Last but not least the sn_sec_cmn_src_ci table records are set to be not deleted. The ACL is set to nobody and not recommending you to change it.
If my answer helped you in any way, please then mark it as helpful.
Kind regards,
Mohammed Kemal!
