Discovered Items not matching existing CI

juliesutton · ‎03-03-2020

We are using Qualys to import our vulnerabilities. When a discovered item doesn't match an existing CI, how do you resolve that?

Dan Daugherty · ‎03-04-2020

Hey, Julie.

If I recall correctly, when you discovery rules run, they should be robust enough to find the unclassified ci and reclassify it for you. You may need to adjust your discovery rules to find these, though. That takes care of the potential for a duplicate ci.

The discovered item is a different story, and I'm not 100% if the matching that would happen during discovery will flip the unmatched flag in the discovered items table to false. I know if you use the Reclassify option on the Discovered Item, it will set it to matched and reclassify the CI for you.

Also, after that reclassification, the next scan for that ci will find the same discovered item and should flip the unmatched flag to false.

We are hoping for low volumes of unmatched ci's, though. Initially it can be a hassle to have to reclassify a large number of ci's by hand, but after the ci matching rules are flushed out, you should see a decrease in the number of new unmatched ci's.

Let me know if this helps.

Thanks,
Dan

View solution in original post

Dan Daugherty · ‎03-04-2020

Hey, Julie.

If I recall correctly, when you discovery rules run, they should be robust enough to find the unclassified ci and reclassify it for you. You may need to adjust your discovery rules to find these, though. That takes care of the potential for a duplicate ci.

The discovered item is a different story, and I'm not 100% if the matching that would happen during discovery will flip the unmatched flag in the discovered items table to false. I know if you use the Reclassify option on the Discovered Item, it will set it to matched and reclassify the CI for you.

Also, after that reclassification, the next scan for that ci will find the same discovered item and should flip the unmatched flag to false.

We are hoping for low volumes of unmatched ci's, though. Initially it can be a hassle to have to reclassify a large number of ci's by hand, but after the ci matching rules are flushed out, you should see a decrease in the number of new unmatched ci's.

Let me know if this helps.

Thanks,
Dan

juliesutton · ‎03-04-2020

Fingers crossed 🙂

BTW, we are getting really close for this entire process working. I am very happy with the product!

Kevin149 · ‎05-13-2020

Did you ever find a solution to this? I'm dealing with a pretty ugly CMDB and I'm finding that specifically with Desktops/Laptops the CI matching is abysmal. What happens is that a VI gets created and it can't find a CI so it just creates a new record and marks it "Unmatched." Then some time down the road a new computer has that IP address but a different Netbios/DNS name as the unmatched record and so now a new VI is created and it matches to the IP of the unmatched CI record and now it's ALL screwed up!

juliesutton · ‎05-13-2020

Not yet, we are still working on making this work for us.

Runjay Patel · ‎12-20-2020

Check out this video, it will clear all your doubts and help you to understand Discovery queries in details.

Link: https://www.youtube.com/watch?v=30JbWVsusyE&t=10s&ab_channel=ServiceNowHelpdesk

It help you to understand below points.

Discovery Overview
Discovery prerequisite
Understanding Discovery Phases in details
Discovery credentials and IP Affinity
Mid Server Management with Cluster and Load Balancer
Schedule jobs
Set up discovery from scratch to end
Live implementation with real world data.
Troubleshooting on various aspects
Many more other issue related to mid server, CIs
Cloud discovery
Service Mapping

Please mark reply as Helpful/Correct, if applicable. Thanks!!