When linking vulnerability information to configuration items, are only lookup rules used?

kuroiwa
Tera Contributor

Vulnerability information is integrated from third parties (such as Tenable).
To link this vulnerability to a CI, it is necessary to search for configuration items.

Is it correct to think that only lookup rules are used at this time?
Are IRE or identification rules not used?


If you know the answer, could you please let me know.

Reference:
https://www.servicenow.com/docs/bundle/xanadu-security-management/page/product/security-operations-c...

2 REPLIES

andy_ojha
ServiceNow Employee

Hey there,

Check out Scenario 2, in this YouTube video (10:52):

It's a combination of both: 1) SecOps Lookup Rules (to attempt to match to a CI) and 2) IRE to do a secondary lookup, along with inserting a new CI if one is not found in either 1) or 2).

The Community Article for the video has some attachments included, with additional diagrams and tips/tricks:

Hi @andy_ojha,

Thank you very much. That was a great answer. I understood it well.


By the way, if a Discovered Item already has an Unclassed Hardware record associated with it, does it re-search the CMDB by Lookup Rule or IRE?
In other words, what happens if data for which a record exists in Discovered Items is received a second time from VR?

I am sorry, but could you please let me know. Thank you in advance.