Creating CIs using the Identification and Reconciliation engine
Summary of Creating CIs using the Identification and Reconciliation engine
This topic explains how ServiceNow customers can create configuration items (CIs) in the Configuration Management Database (CMDB) using the Identification and Reconciliation engine (IRE) API. Using IRE for CI creation helps prevent duplicates and ensures only authoritative data sources update the CMDB. It supports reconciliation of CI attributes and manages unmatched CIs effectively.
Key Features
- CI Creation Process: When no matching CI is found in the Discovered Items list or CMDB, a new CI is created in the Unmatched CI class (sn_sec_cmn_unmatched_ci).
- Error Handling: Starting from Vulnerability Response v24.0.6, exceptions preventing CI creation are logged in the Additional Information field for troubleshooting.
- Unmatched CI Classes:
- From v12.2 to v18.0, unmatched assets are classified into Unclassed Hardware and Incomplete IP Identified Device classes.
- From v18.0, a new Cloud Resource class is added to categorize cloud-related unmatched assets.
- The CMDB CI Class Models plugin must be activated to use these classes; otherwise, unmatched CIs default to the Unmatched CI class.
- CI Class Descriptions:
- Incomplete IP Identified Device (cmdb_ci_incomplete_ip): For hosts with only IP address info.
- Unclassed Hardware (cmdb_ci_unclassed_hardware): For hosts with hostname, IP, DNS, NETBIOS, or MAC address. Related network adapter and IP address CIs are created if MAC and IP are present.
- Cloud Resource (cmdb_ci_cmp_resource): For hosts with Cloud Resource ID, representing cloud assets.
- System Properties and Behavior:
- The system property sn_sec_cmn.unmatched_cloud_resource_enabled controls whether unmatched cloud assets are categorized as Cloud Resource or Unclassed Hardware.
- If the Identification and Reconciliation engine is active, manual reclassification from discovered items is not supported; the system automatically assigns unmatched CI classes.
- Exceptions during CI creation cause automatic assignment to Unmatched CI class.
Practical Considerations for ServiceNow Customers
- Activate the CMDB CI Class Models plugin to leverage the enhanced CI classification for unmatched assets.
- Review the Additional Information field in records if CI creation fails to identify and resolve errors.
- Configure the sn_sec_cmn.unmatched_cloud_resource_enabled property based on how you want unmatched cloud assets to be categorized.
- Understand that unmatched assets from third-party scanners like Qualys, Rapid7, and Tenable will be automatically categorized according to these rules to maintain CMDB data integrity.
You can create configuration items (CIs) in the Configuration Management Database (CMDB) using the Identification and Reconciliation engine (IRE) API. By using the IRE API to create CIs, you can prevent duplicate CIs from being created and you can reconcile CI attributes by allowing only authoritative data sources to write to CMDB.
A CI class (table) is the original table name in the instance database. CMDB contains base system classes that store data about CIs.
Using IRE for CI creation
If a matched CI isn’t found either in the Discovered Items list or CMDB, a CI is created in the Unmatched CI class (sn_sec_cmn_unmatched_ci).
Starting with v24.0.6 of Vulnerability Response, if IRE encounters exceptions that prevent the creation of CIs, the specifics of these exceptions are recorded in the Additional Information field. By examining the details in this field, you can determine the root cause and implement the necessary corrections to ensure the CI is successfully created.
From Vulnerability Response v12.2 to v18.0, if no match is found when the CI lookup rules are applied, the asset information is sent to IRE and a CI is created in either the Unclassed Hardware class or the Incomplete IP Identified Device class. Starting from Vulnerability Response v18.0, a new class, Cloud Resource, is also included. For more information on how to configure the categorization of unmatched cloud resources into your preferred CI class, see Updating CI class for unmatched cloud assets.
CMDB CI classes
| CMDB CI Class | Description |
|---|---|
| Incomplete IP Identified Device (cmdb_ci_incomplete_ip) | CI is created in this table if only the IP address is available in the host information that is received from the scanner. |
| Unclassed Hardware (cmdb_ci_unclassed_hardware) | CI is created in this table if any of the following information is available in the host information that is received from the scanner: hostname, IP, DNS, NETBIOS, or MAC address. Note: If the MAC address is available, the network adapter entry is created and related to the unclassed hardware CI. If both the IP and MAC addresses are available, the IP address CI is also created and related to the unclassed hardware CI. |
| Cloud Resource (cmdb_ci_cmp_resource) | CI is created in this table if Cloud Resource ID is available in the host information that is received from the scanner. Note: If the Asset Type of a scanner integration is Hybrid and the sn_sec_cmn.unmatched_cloud_resource_enabled system property is false, the CIs are created in the Unclassed Hardware class but not in the Cloud Resource class. |
If the Identification and Reconciliation engine (IRE) is activated, the reclassify option from discovered items is not supported.
CIs are created in the Unmatched CI class (sn_sec_cmn_unmatched_ci) in the following cases:
- The CMDB CI Class plugin is not activated.
- IRE raises an exception while creating a CI.
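The classification rules on this page, written out as a JavaScript decision function for checking where an unmatched scanner host should land. This is an added example, not ServiceNow's code: the host field names, the env flags and the order in which the rules are tested are assumptions, and the case of a host with no usable attributes is not covered by the page and falls back to the Unmatched CI class here.

```javascript
// Added model of this page's rules; not ServiceNow code. Host field names
// (ip, hostname, dns, netbios, mac, cloudResourceId) and env flags are hypothetical.
const UNMATCHED = 'sn_sec_cmn_unmatched_ci';

function classifyUnmatched(host, env) {
  // Documented fallbacks: class plugin not activated, or IRE raised an exception.
  if (!env.classPluginActive || env.ireException) {
    return { ciClass: UNMATCHED, related: [] };
  }
  const has = (k) => typeof host[k] === 'string' && host[k].trim() !== '';

  // Related CIs for Unclassed Hardware: network adapter when a MAC is present,
  // plus an IP address CI when both IP and MAC are present.
  const related = [];
  if (has('mac')) {
    related.push('network adapter');
    if (has('ip')) related.push('IP address');
  }

  if (has('cloudResourceId')) {
    // Documented exception: Hybrid asset type with
    // sn_sec_cmn.unmatched_cloud_resource_enabled = false -> Unclassed Hardware.
    const hybridOptOut = env.assetType === 'Hybrid' && env.cloudResourceEnabled === false;
    return hybridOptOut
      ? { ciClass: 'cmdb_ci_unclassed_hardware', related }
      : { ciClass: 'cmdb_ci_cmp_resource', related: [] };
  }
  if (['hostname', 'dns', 'netbios', 'mac'].some(has)) {
    return { ciClass: 'cmdb_ci_unclassed_hardware', related };
  }
  if (has('ip')) return { ciClass: 'cmdb_ci_incomplete_ip', related: [] };
  // Assumption: the page does not cover a host with no usable attributes.
  return { ciClass: UNMATCHED, related: [] };
}

// Constructed sample hosts (documentation address ranges), not real scanner output.
const ENV = { classPluginActive: true, ireException: false, assetType: 'Hybrid', cloudResourceEnabled: true };
const SAMPLES = [
  { ip: '192.0.2.10' },
  { ip: '192.0.2.11', hostname: 'build-01', mac: '00:00:5E:00:53:01' },
  { ip: '192.0.2.12', cloudResourceId: 'example-resource-id' },
];
function classifySamples(env = ENV) {
  return SAMPLES.map((h) => classifyUnmatched(h, env).ciClass);
}
console.log(classifySamples());
```

Comparing this expected class with the class actually recorded for a host is a quick way to spot records that fell back to the Unmatched CI class and need their Additional Information field reviewed.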