The CI Lookup Rules module contains rules that define what fields have matching data in the Configuration Management Database (CMDB). These rules are used to identify applications and application releases and add them to the application vulnerable item (AVI) record to aid in remediation.

Before you begin

Role required: App-Sec Manager group

About this task

Creating CI lookup rules requires advanced ServiceNow and Application Vulnerability Management expertise. Rather than modifying one of the existing lookup rules, consider copying it and modifying the copy. When you are satisfied that the new rule does what you want, deactivate the original.
Note: Rules, once removed, cannot be recovered. Rather than removing existing rules, deactivate them when creating new ones.

Procedure

  1. Navigate to All > Security Operations > CMDB > CI Lookup Rules.
  2. Click New.
  3. On the form, fill in the fields.
    Table 1. CI lookup rule form
    Field Description
    Name Name of the rule.
    Lookup method Method used for matching. Choices are:
    • Script: Pre-built or custom script.
    • Field matching: Search on table or field in the CMDB.
    Type Type used with the Script Lookup method.
    Order Order of precedence for the rule. Matches with the lowest order are evaluated first.
    Active Check box for whether the rule is active or disabled.
    Source Source used as input to this rule. Once chosen, Condition filters appear.
    Source field Source field used as input to this rule. Fields must be a string or number.
    Description Text describing the rule.
    V19.0: Lookup target Lookup approach you want to follow. Select from:
    • Configuration item
    • Product model
    Script Editable sample script, based on the Type, is shown. Implement the custom script following the comments included in the template of the default function.
    Note:

    The process function has three parameters: rule, sourceValue, and sourcePayload
    Search on CI table Table to search within the CMDB. Used with field matching Lookup Method.
    V19.0: Search on product table If you choose the Product model Lookup target, the default value is Application Model.
    Search on CI field Field that contains information that can be used to locate a CI. Used with the field matching Lookup method. This field may be on the CI record, or on a related record, such as a network adapter.
    V19.0: Search on product model field If you choose the Product model Lookup target, the default value is Name.
  4. Click Submit.
    Figure 1. Example of a CI lookup rule using a script
    CI lookup rule using a script