Regarding the CI placeholder record created during vulnerability data ingestion.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-26-2025 04:23 PM
After capturing vulnerability data, if the CI look up does not match the CI, a placeholder record is recognized to be created in cmdb_ci_unclassed_hardware.
Reference: https://www.servicenow.com/docs/bundle/xanadu-security-management/page/product/vulnerability-respons... hardware.html
Then, when the next round of vulnerability data capture is performed, will the CI look up match the CI created in cmdb_ci_unclassed_hardware and will a vulnerability match item be created?
Or are no vulnerability matching items created?
There is a property “sn_sec_cmn.ignoreCIClass” to ignore CI classes, but there is no table setting for the property in OOTB.
There is a similar property “sn_sec_cmn.ignoreCIClassForService”, which has a table set for cmdb_ci_unclassed_hardware.
Since there are no Docs that clearly describe the usage of “sn_sec_cmn.ignoreCIClassForService”, we would like to confirm the specification of this property.
Are tables set in “sn_sec_cmn.ignoreCIClassForService” excluded from CI look up when capturing vulnerability information?
Reference: https://www.servicenow.com/docs/bundle/vancouver-security-management/page/product/security-operation... classes.html