We've updated the ServiceNow Community Code of Conduct, adding guidelines around AI usage, professionalism, and content violations. Read more

How to access attributes present on Discovered Item record in Lookup rules

Sandeep132
Kilo Sage

3 weeks ago

When building Lookup rules for matching the incoming data from tools like Qualys, the script has access only to the source payload. Is there a way we can access other attributes present on the discovered item record inside these Lookup rules scripts? For example when we are using "Qualys CSPM" module for configuration compliance, information related to AWS Accounts like Account ID, AWS Object Type are stored as separate attributes on the discovered item record. In order to match with CMDB record we need access to these attributes. Especially for matching objects like IAM Policies, Users the information present in source payload is not sufficient. 

0 Helpfuls
  • 319 Views
1 REPLY 1

andy_ojha
ServiceNow Employee

3 weeks ago - last edited 3 weeks ago

Hey there.

 

This is a valid approach to perform the CI Matching operations.


We'll need to slightly shift how we are looking at this though.  

 

The Discovered Item record, is created after we perform the initial CI Lookup attempt.  Regardless of whether we match to a CI or have to create a new CI, the Discovered Item record is created.

What this means is, you would access those objects from the [Source payload] directly, in your CI Lookup Script as you craft the logic to perform the lookup (rather than the Discovered item). 

 

Those same objects from the [Source payload] are eventually used as inputs to the set the values on the Discovered Item record that is created (after the CI Lookup logic is ran).

 

If you check out the CI Lookup Rule that is shipped with the Qualys CSPM Store App (Name = Qualys CSPM Cloud Resource Id) and open up the script -> do a string search for "sourcePayload".   You will see how to access different objects from the [sourcePayload] that you have access to when crafting your lookup logic.  

 

You can use these data values, in your queries to the CMDB and you can be selective about which values you use and which target tables in CMDB you query at the same time.

 
sourcePayload.resource_type
sourcePayload.regionId
sourcePayload.accountId
 
I don't have a real example of a file from Qualys CSPM - but you could then review the actual data that Qualys returns in either the raw payload file, or if you have already imported some data -> the Discovered Item.Source_data field - to see what other objects might be useful to consider in your Lookup Rule logic.
0 Helpfuls