Reclassify unclassed hardware

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read

    • Reclassify unclassed hardware by updating the lookup rules.

    Before you begin

    Role required: sn_sec_cmn.admin

    About this task

    The Host Import Map [sn_sec_cmn_src_cmdb_map] table displays the payload's incoming variables and their corresponding assignments in the Discovered Items table. Occasionally, discrepancies in naming conventions between the scanner and Discovery can lead to the hardware being left unclassified. While creating a new Unclassed Hardware CI, ensure that the name in the payload contains only the Host Name. Later, when Discovery identifies the asset, it can be reclassified into the appropriate CI class. If needed, a script can be written to generate a derived value that aligns with the CIs name in both Discovery and the Configuration Management Database (CMDB).

    If the Identification and Reconciliation engine (IRE) is activated, the reclassify option from Discovered Items isn’t supported.

    Procedure

    1. Navigate to the Host Import Maps [sn_sec_cmn_src_cmdb_map] table.
    2. Select a source.
    3. From the Target field list, select Name.
      The Use script check box becomes visible.
      Note:
      • The script is available only if Name is selected from the Target field list.
      • To add a script for other options in the Target field list, you must disable the UI policy by:
        • Disabling the 'Set Use script false'.
        • Disabling the 'Show or Hide Use Script'.
        • Removing the condition 'target field is name' in the 'Show or Hide Script policy'.
      • The Host Import Maps table is updated with two new columns: Script and Use script.
    4. Select the Use script check box.
      The Script field displays the default script but you have an option to create a custom one. In this field, you can specify the source and derived values to align with the database's naming convention. The value generated by the script is stored in sourcePayload['DERIVED'][rule.source_field]. Ensure that the CI lookup rules are adjusted to utilize source payload, derived, and targeted attribute values when checking in the corresponding tables.
    5. To apply the script to older duplicate records, do the following:
      1. Navigate to All > Vulnerability Response > Discovered Items.
      2. Select the duplicate records.
      3. In the Action on selected rows list, select Reapply CI Lookup rules.
        It shows a match to an existing asset.
    6. To apply the script for Tenable.io, do the following:
      1. Navigate to Vulnerability Response Host Import Maps.
      2. Select the script for the row with NetBIOS, HOSTNAMES, and FQDNS name as the Source field.
      3. Update the script for each element.
      Note:
      For Tenable.io, the scanner returns an array for NetBIOS, HOSTNAMES, and FQDNS name, for which the script doesn’t work as expected.

      Because the Host Import Map for Tenable.io contains netbios_name in the Source field, you must write a script. During lookup, another source field NETBIOS is used, which has an array of values. So a new row is added in the table, and the same logic must be written in a loop in the script. Similarly, for FQDNS and HOSTNAMES.

    7. To apply the script for Rapid7, do the following:
      1. Navigate to All > Vulnerability Response Host Import Maps.
      2. For Rapid7 rows with FQDN and HostName, update the Lookup Method to Script.
      Note:
      For Rapid7, the CI Lookup method is set to Field matching for FQDN and Hostname, which helps to prevent it from using the script.