Discovered item not matching the right CI

Gagandeep6 · ‎12-21-2022

Hi,

When i click on the Reapply button, the discovered items are getting matched with the CI’s belonging to Unclassed Hardware class. There are CIs available with the same name belonging to the Window server class.

When ever I run the code for the FDQN rule using a background script, the right CI (CI belonging to Window server class is returned).

Can somebody help me with why this is happening/ how to resolve this?
TIA

emir · ‎12-21-2022

We need more info. What do your identification rules look like. Who is creating unclassed CIs? Disco, Event, VR?

Gagandeep6 · ‎12-21-2022

Thank you for looking into this. The unclassed CI's are getting created by VR.system.

The FQDN rule looks like the following:

var ignore = global.SecProperty.getProperty("sn_sec_cmn.ignoreCIClass", "");
sourceField[rule.source_field] = sourceValue;
// Split at '.' to remove domain

// Search for Split FQDN on Name Field
cmdbci = new GlideRecord("cmdb_ci");
cmdbci.addQuery("name", fqdn);

cmdbci = _queryMatch(cmdbci, rule, sourceField);

if (cmdbci)
return cmdbci.getUniqueValue();

emir · ‎12-21-2022

is this your own code? I am not too familiar with VR lookups.

However, at CMDB Hardware level there is already a field called fqdn, if your Vulnerabilities are coming from hardware only, use that instead of to speed up the lookups and compare the incoming name to name first, then fqdn field then finally remove the "dots for a last check".

Also, what is coming back from that property?

Gagandeep6 · ‎12-22-2022

When ever i run the code in the FQDN rule using a Background script, i match with the right CI. (CI not with the unclassed hardware class )