Kevin,

Typically, we try and not delete data in Production....

1. Adjust your CI Lookup Rules.

2. Close the incorrect VIs

3. Configure the Auto-Delete Rules to target the old / Closed VI

https://docs.servicenow.com/bundle/orlando-security-management/page/product/vulnerability-response/t...

4. Delete the Discovered items 

5. You may also need to delete any unmatched CI (If they are not associated with anything else...)

6. Reload the data

Test and perfect your CI Lookup rules in a lower environment.

• Most V10 integrations include a way to only pull the Hosts/Assets from the Scanner.
• • For example: "Qualys Host List Integration" only pulls the hosts from Qualys.
• Shift-Left (I get it, easier said than done....)
• • All hosts should have their Netbios name and FQDN configured at the OS level.
  • • (For your scanner...) All hosts should be in DNS (Think IPAM)
  • Make sure your Imports / Discovery integrations run before data import each day.
  • Make sure your data imports not creating junk.
  • Review the CMDB life-cycle practices of your organization
• Clean your CMDB (Duplicates, retired, junk, orphans, etc)
• Create a new CI Lookup rule to split the of the host part of the FQDN and Match in the "Name" field
• There is a good chance that you should set the rules to look at cmdb_ci_hardware for correct matches
• • Add rules to test at the cmdb_ci_hardware level first before a broader approach
• Consider setting the Install Status on your hosts, then add:
• • cmdbcihardware.addQuery("install_status", '!=', 7); //i.e. not “Retired"
• Tune all your other rules to NOT rely on the IP address rule. Buy the time it gets to the IP Address rule it is just a crapshoot.

People need to understand the VR becomes the acid test for your CMDB. Your CMDB will never be perfect, but VR will help improve its accuracy! 

Go ahead and mark this is a helpful or Correct!