duplicate unmatched CI creation from qualys on CMDB for Vulnerability response

IceIronDragon
Tera Guru

Hello All,

 

We have VR in place.

We see that there are duplicate of the CI being created as unmatched CI.

Why is this happening and how could we prevent it ?

 

IceIronDragon_0-1668005679812.png

 

8 REPLIES 8

john_gibbons
ServiceNow Employee
ServiceNow Employee

We are using custom CI lookup rules, not sure if the problem is look up rules or is it how Qualys scans the CI as the ip address associated is different on the duplicate CI. 

The original CI is of class computer, could it be that the PC has different ip address on the nic card and that is why it is representing the NIC card as unmatched Ci as the nic card info is not on cmdb.

Is the Source ID value on the Discovered Items the same or all different?  DHCP can cause matching issues because of the IP changes. Consider using Asset Tracking and Data Merging process in Qualys or Merging Unauthenticated and Agent Scan Results.

is the Source ID for the endpoint listed in the screen clip all the same in discovered items