In which scenarios does the VR system update attributes on existing CIs in the ServiceNow CMDB?

Abhinandan Pati
Giga Guru

Hi Community,

I had posted a question (Solved: What differentiates Unmatched CIs from Unclassed C... - ServiceNow Community) and @andy_ojha responded to my query (The more you know - SecOps and CMDB Interactions - YouTube). @andy_ojha's response helped me a lot to understand the role of IRE in the matching process.

I do have one more question related to 'VR System updating existing CI attributes'. Please refer to the attached snapshot from the video.

I would like to know what those edge case scenarios are during which the VR System updates attributes of an existing CI.

Please do share if there is any documentation or knowledge article around these scenarios. I would like to know the list of fields that get updated and where it is configured. If possible, please share the OOB script that takes care of this.

@Eric Feron @rahimulah @sivamallu @Chris McDevitt @Jan Spurlin @Madhumitha Redd @Elizabeth Skogq @John Gibbons @Anthony Ramos @__andy-b2poYQ__

Thanks,

Abhinandan

1 REPLY

andy_ojha
ServiceNow Employee

Hey there,

The primary edge case is essentially Scenario 3 in the video (https://youtu.be/-Y-P9hD0hUI?t=786)

  • Recall there are two queries made to the CMDB, and three overall lookups 
    • Lookup 1 (try to find an existing Discovered Item)
    • Lookup 2 (try to find a CI in CMDB via SecOps CI Lookup Rules)
    • Lookup 3 (try to find a CI in CMDB via IRE before inserting a new CI)
  • When we import a host from a 3rd party scanner and initially we do not match to an existing CI in the CMDB via a SecOps CI Lookup Rule, we do not immediately create a new CI
  • IRE first attempts to find a CI in the CMDB, before inserting a new CI
  • The edge case may occur when the SecOps CI lookup rules miss and do not find an existing CI (perhaps we ignored certain elements, or have very narrow conditions on the SecOps CI Lookup rules)
  • Then IRE does another query on the CMDB - BEFORE attempting to create a new CI
  • If IRE matches to an existing CI in the CMDB, it may update attributes on that CI it matched to for fields like OS, FQDN, Name, IP Address

---------------------------------------------------

On the Community Post, we attached a reference KB Article (does require valid customer login) that may help.

Community Post:
 - https://www.servicenow.com/community/secops-articles/the-more-you-know-secops-and-cmdb-interactions-...

 

KB Article:

Presenters: Denny Ng and Andy Ojha
Primary focus: Interactions between SecOps (VR/CC) and NOW CMDB:
 - Review the overall host lookup process in the current generation of the SecOps applications for VR and CC
 - Clarifying common misconceptions we hear in the field
 - Review how CMDB IRE and SecOps ...
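
The lookup order described in the reply above, as an added JavaScript sketch that is not part of the original thread and is not ServiceNow's OOB script. It models the edge case where a narrow lookup rule misses and the IRE step then matches and updates an existing CI. The function names, the `ip_only` rule, the name-based IRE identifier and all sample data are constructed assumptions.

```javascript
// Simplified in-memory model of the three lookups; all names and data are constructed, not ServiceNow code.
const UPDATABLE = ["os", "fqdn", "name", "ip_address"]; // fields named in the reply
const norm = (v) => String(v).toLowerCase();
function link(host, state, ci, matchedBy, changed) {
  // Record a Discovered Item so the next import of this host stops at Lookup 1.
  state.discoveredItems.set(`${host.source}:${host.sourceId}`, ci);
  return { matchedBy, ciId: ci.id, changed };
}

function resolveHost(host, state) {
  // Lookup 1: existing Discovered Item for this scanner host.
  const known = state.discoveredItems.get(`${host.source}:${host.sourceId}`);
  if (known) return { matchedBy: "discovered_item", ciId: known.id, changed: [] };
  // Lookup 2: SecOps CI Lookup Rules, first hit wins.
  for (const rule of state.lookupRules) {
    const hit = state.cmdb.find((ci) => rule.match(host, ci));
    if (hit) return link(host, state, hit, `lookup_rule:${rule.name}`, []);
  }
  // Lookup 3: IRE tries to identify an existing CI before inserting one.
  // Assumption: identification on any field listed in state.ireIdentifiers.
  const ire = state.cmdb.find((ci) =>
    state.ireIdentifiers.some((f) => host[f] && ci[f] && norm(host[f]) === norm(ci[f])));
  if (ire) {
    const changed = [];
    for (const f of UPDATABLE) {
      if (host[f] && host[f] !== ire[f]) {
        changed.push({ field: f, from: ire[f], to: host[f] });
        ire[f] = host[f]; // the attribute update the question asks about
      }
    }
    return link(host, state, ire, "ire_match", changed);
  }
  // No match anywhere: a new CI is inserted.
  const created = { id: `ci-${state.cmdb.length + 1}` };
  for (const f of UPDATABLE) created[f] = host[f];
  state.cmdb.push(created);
  return link(host, state, created, "ire_insert", []);
}

// Constructed sample: the only lookup rule is narrow (IP address only).
function demoState() {
  return {
    cmdb: [{ id: "ci-1", name: "web01", fqdn: "web01.corp.example", ip_address: "10.0.0.5", os: "Linux" }],
    discoveredItems: new Map(),
    lookupRules: [{ name: "ip_only", match: (h, ci) => h.ip_address === ci.ip_address }],
    ireIdentifiers: ["name"],
  };
}
const demoHost = { source: "scannerA", sourceId: "h-42", name: "web01",
  fqdn: "web01.example.net", ip_address: "10.0.0.99", os: "Ubuntu 22.04" };
```

Logging the `changed` array for every `ire_match` outcome gives an audit trail of which CI attributes a scanner import overwrote.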