DNS changes on open VIT

14Hernan
Tera Contributor

if the DNS changes on an open VIT, is there a scheduled job that would automatically reapply CI matching rules? 

1 ACCEPTED SOLUTION

andy_ojha
ServiceNow Employee
ServiceNow Employee

Hey there.

 

On the Discovered Item, changes to values like DNS Name, FQDN are detected from the 3rd party vulnerability scanner (visible on the DI > Source Data) which gets updated to reflect those changes.  The DI > Initial Source Data reflects the raw payload when we first saw the asset / created the Discovered Item.

The Discovered Item has a field called "Re-Evaluate" CI that will get set to 'True' when these types of changes are detected.

 

A scheduled job named "Re-apply CI Lookup Rules on the Changed Discovered items" can then selectively re-apply the CI Lookup rules for those Discovered Items where these changes are detected.  This job is inactive by default.


Then, impacted VITs or CC Test Results, can have core logic (like Assignment Rules, Risk Scoring Calculators) trigger to be re-evaluated if the CI on the Discovered Item is updated (i.e. a better CI is found and swapped on the Discovered item)

  • This is controlled by the System Property -> [sn_sec_cmn.update_on_ci_change]

Reference:

 

View solution in original post

1 REPLY 1

andy_ojha
ServiceNow Employee
ServiceNow Employee

Hey there.

 

On the Discovered Item, changes to values like DNS Name, FQDN are detected from the 3rd party vulnerability scanner (visible on the DI > Source Data) which gets updated to reflect those changes.  The DI > Initial Source Data reflects the raw payload when we first saw the asset / created the Discovered Item.

The Discovered Item has a field called "Re-Evaluate" CI that will get set to 'True' when these types of changes are detected.

 

A scheduled job named "Re-apply CI Lookup Rules on the Changed Discovered items" can then selectively re-apply the CI Lookup rules for those Discovered Items where these changes are detected.  This job is inactive by default.


Then, impacted VITs or CC Test Results, can have core logic (like Assignment Rules, Risk Scoring Calculators) trigger to be re-evaluated if the CI on the Discovered Item is updated (i.e. a better CI is found and swapped on the Discovered item)

  • This is controlled by the System Property -> [sn_sec_cmn.update_on_ci_change]

Reference: