duplicate unmatched CI creation from qualys on CMDB for Vulnerability response

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-09-2022 06:55 AM
Hello All,
We have VR in place.
We see that there are duplicate of the CI being created as unmatched CI.
Why is this happening and how could we prevent it ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-09-2022 12:54 PM
You need to check your CI Lookup rules. Are you using IRE?
Some additional links that may help.
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0998706

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-09-2022 05:41 PM
We are using custom CI lookup rules, not sure if the problem is look up rules or is it how Qualys scans the CI as the ip address associated is different on the duplicate CI.
The original CI is of class computer, could it be that the PC has different ip address on the nic card and that is why it is representing the NIC card as unmatched Ci as the nic card info is not on cmdb.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-10-2022 02:17 PM
Is the Source ID value on the Discovered Items the same or all different? DHCP can cause matching issues because of the IP changes. Consider using Asset Tracking and Data Merging process in Qualys or Merging Unauthenticated and Agent Scan Results.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-10-2022 02:18 PM
is the Source ID for the endpoint listed in the screen clip all the same in discovered items