Using IRE for CI creation information
21m ago - last edited 19m ago
Prior to Vulnerability Response v12.2, if a matched CI isn’t found either in the Discovered Items list or CMDB, a CI is created in the Unmatched CI class (sn_sec_cmn_unmatched_ci). For more information, see Unmatched CIs.
Starting with v24.0.6 of Vulnerability Response, if IRE encounters exceptions that prevent the creation of CIs, the specifics of these exceptions are recorded in the Additional Information field. By examining the details in this field, you can determine the root cause and implement the necessary corrections to ensure the CI is successfully created.
From Vulnerability Response v12.2 to v18.0, if no match is found when the CI lookup rules are applied, the asset information is sent to IRE and a CI is created in either the Unclassed Hardware or the Incomplete IP Identified Device class. Starting from Vulnerability Response v18.0, a new class, Cloud Resource, is also included. For more information on how to configure the categorization of unmatched cloud resources into your preferred CI class, see Updating CI class for unmatched cloud assets.
CMDB CI classes
Note: To use the new classes, activate the CMDB CI Class Models plugin. Otherwise, CIs are created in the Unmatched CI class.
If the host that you imported from a third-party scanner can't be found in the Discovered Items list or CMDB, it’s created in one of the following new CMDB CI classes.
| CMDB CI Class | Description |
| --- | --- |
| Incomplete IP Identified Device (cmdb_ci_incomplete_ip) | CI is created in this table if only the IP address is available in the host information that is received from the scanner. |
| Unclassed Hardware (cmdb_ci_unclassed_hardware) | CI is created in this table if any of the following information is available in the host information that is received from the scanner: Note: If the MAC address is available, the network adapter entry is created and related to the unclassed hardware CI. If both the IP and MAC addresses are available, the IP address CI is also created and related to the unclassed hardware CI. |
| Cloud Resource (cmdb_ci_cmp_resource) | CI is created in this table if Cloud Resource ID is available in the host information that is received from the scanner. Note: If the Asset Type of a scanner integration is Hybrid and the sn_sec_cmn.unmatched_cloud_resource_enabled system property is false, the CIs are created in the Unclassed Hardware class but not in the Cloud Resource class. |
If the Identification and Reconciliation engine (IRE) is activated, the reclassify option from discovered items is not supported.
The system automatically uses an Unmatched CI class if one of the following occurs:
- The CMDB CI Class plugin is not activated.
- IRE raises an exception while creating a CI.
For more information, see Unmatched CIs.
Please mark it as HELPFUL if you found this informational.
Thanks & Regards
Yamsani Bhavani
ServiceNow Developer - SecOps, GRC
