Vulnerable Item CI lookup Rule

Mike_R
Kilo Patron

Hello, 

We're having some difficulty with how the Vulnerability Response module chooses CI. 

Say our cmdb looks like this:

| Name | Class |
|---|---|
| ws-servera | Windows Server |
| ws-servera | Virtual Machine Instance |
| ws-servera | Storage Volume |

When the VI is created it should match on Windows Server, but instead we're getting a lot of Virtual Machine Instance, DNS Name, and other matches. What's the best/cleanest way to reconcile without losing historic data?

1 ACCEPTED SOLUTION

Chris McDevitt
ServiceNow Employee

Mike,

To fix this going forward, you will need to tell it to 'ignore' the classes you do not want it to match against.

https://docs.servicenow.com/bundle/orlando-security-management/page/product/security-operations-comm...

 

Next, you need to know that once an item is "matched" and a record is placed in the Discovered Items module, that match will be used again. Long story short: delete the incorrect match from the Discovered Items module after using the Ignore CI Class System Property.

 

(This is different VR v9 vs. v10)

"What's the best/cleanest way to reconcile without losing historical data?"

I am going to assume that this is already in production?

If not you need to delete the VIT, VID (v10), M2M, Vul, and SDI records and reload.

If you already have this in production, you have a bit more of a challenge.

This is what I would do:

1. Look at the VIT and get the 'CI name' and test to see if it is in a class you do not want. Use the 'CI name' to ONLY look in the class(es) you want it to match against and update the VIT.

2. You will need to rerun the assignment rules (v9 you will need to script, v10 is not built-in)

3. If the underlying VIT support team is now different than the Vul Grp you will need to update the Vul Grp Assignment Group from the VIT Assignment Group. 

 

Assumptions

  1. Your VGR had Assignment Group pointing to the VIT
  2. That the underlying VIT does not change the way the VGR would have grouped them.

 

Go ahead and mark this as helpful or Correct!

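Step 1 of the accepted solution, sketched as a dry run (an added example, not part of the original post and not ServiceNow code). It is plain JavaScript over constructed records with no platform API calls; the field names, class lists and VIT numbers are assumptions, and closed VITs are deliberately left untouched.

```javascript
// Added illustration: plain JavaScript over constructed data, no ServiceNow API calls.
// Field names (ciId, ciClass, state) and both class lists are assumptions for this sketch.
const UNWANTED = new Set(["Virtual Machine Instance", "Storage Volume", "DNS Name"]);
const WANTED = ["Windows Server"]; // classes a VIT may match, in priority order

// Constructed CMDB sample mirroring the table in the question.
const cmdb = [
  { id: "ci1", name: "ws-servera", ciClass: "Windows Server" },
  { id: "ci2", name: "ws-servera", ciClass: "Virtual Machine Instance" },
  { id: "ci3", name: "ws-servera", ciClass: "Storage Volume" },
  { id: "ci4", name: "ws-serverb", ciClass: "Virtual Machine Instance" },
];

// Constructed vulnerable items (VITs), each pointing at the CI it was matched to.
const vits = [
  { number: "VIT001", ciId: "ci2", state: "Open" },
  { number: "VIT002", ciId: "ci1", state: "Open" },
  { number: "VIT003", ciId: "ci3", state: "Closed" },
  { number: "VIT004", ciId: "ci4", state: "Open" },
];

// Dry run: decide what to do with each VIT without changing any record.
function planReconciliation(vitList, ciList) {
  const byId = new Map(ciList.map((ci) => [ci.id, ci]));
  return vitList.map((vit) => {
    const current = byId.get(vit.ciId);
    if (!current) return { vit: vit.number, action: "review-no-match" };
    if (!UNWANTED.has(current.ciClass)) return { vit: vit.number, action: "keep" };
    // Closed VITs stay untouched so historical data is preserved.
    if (vit.state === "Closed") return { vit: vit.number, action: "skip-closed" };
    // Look up the same CI name, but ONLY in the wanted classes.
    for (const cls of WANTED) {
      const hits = ciList.filter((ci) => ci.name === current.name && ci.ciClass === cls);
      if (hits.length === 1) {
        return { vit: vit.number, action: "update", from: current.id, to: hits[0].id };
      }
      // More than one candidate in the same class needs a human decision.
      if (hits.length > 1) return { vit: vit.number, action: "review-ambiguous" };
    }
    return { vit: vit.number, action: "review-no-match" };
  });
}

console.log(planReconciliation(vits, cmdb));
```

Only the "update" rows are candidates for changing the CI on the VIT; the "review" rows are names with no single CI in a wanted class and need a manual decision.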

6 REPLIES

Mike_R
Kilo Patron

Also, in some cases, it shows up in sn_sec_cmn_src_ci twice, with the two different CI classes.

Thank you, this is helpful. And yes, this is in production.


Regarding this:

"Next, you need to know that once an item is "matched" and a record is placed in the Discovered Items module, that match will be used again. Long story short: delete the incorrect match from the Discovered Items module after using the Ignore CI Class System Property"

>> What happens when I delete the incorrect match from the Discovered Items Module? There are VITs tied to the incorrect match, and I cannot change the CI on those VITs because the VITs are already closed.

Also, we cannot delete those records.