During which scenarios, VR system updates attributes on existing CIs in ServiceNow CMDB?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-05-2023 02:55 AM - edited 04-05-2023 08:29 AM
Hi Community,
I had posted a question: Solved: What differentiates Unmatched CIs from Unclassed C... - ServiceNow Community and @andy_ojha responded to my query. (The more you know - SecOps and CMDB Interactions - YouTube) and @andy_ojha's response helped me a lot to understand the role of IRE in matching process.
I do have one more question related to 'VR System updating existing CI attributes'. Please refer attached snapshot from the video.
I would like to know which are those edge case scenarios during which VR System updates attributes of existing CI.
Please do share if there are any documentation or knowledge article around these scenarios. I would like to know list of fields that get updated and where is it configured? If possible, please share the OOB script that is taking care of this.
@Eric Feron @rahimulah @sivamallu @Chris McDevitt @Jan Spurlin @Madhumitha Redd @Elizabeth Skogq @John Gibbons @Anthony Ramos @__andy-b2poYQ__
Thanks,
Abhinandan

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-11-2023 05:51 AM
Hey there,
The primary edge case, is essentially Scenario 3 in the video (https://youtu.be/-Y-P9hD0hUI?t=786)
- Recall there are two queries made to the CMDB, and three overall lookups
- Lookup 1 (try to find an existing Discovered Item)
- Lookup 2 (try to find a CI in CMDB via SecOps CI Lookup Rules)
- Lookup 3 (try to find a CI in CMDB via IRE before inserting a new CI)
- When we import a host from a 3rd party scanner and initially we do not match to an existing CI in the CMDB via a SecOps CI Lookup Rule - we not immediately create a new CI
- IRE first attempts to find a CI in the CMDB, before inserting a new CI
- The edge case may occur when the SecOps CI lookup rules miss and do not find an existing CI (perhaps we ignored certain elements, or have very narrow conditions on the SecOps CI Lookup rules)
- Then IRE, does another query on the CMDB - BEFORE attempting to create a new CI
- If IRE matches to an existing CI in the CMDB, it may update attributes on that CI it matched to for fields like OS, FQDN, Name, IP Address
---------------------------------------------------
On the Community Post, we attached a reference KB Article (does require valid customer login) that may help.
Community Post:
- https://www.servicenow.com/community/secops-articles/the-more-you-know-secops-and-cmdb-interactions-...
KB Article:
- How to prevent updates of configuration items in CMDB created by other sources (KB0963059) (Requires Customer Login Account)