Creating CIs using the Identification and Reconciliation engine

Release version: Zurich

Updated July 31, 2025

2 minutes to read

Summarize

Summarized using AI

Summary of Creating CIs using the Identification and Reconciliation engine

ServiceNow customers can create configuration items (CIs) in the Configuration Management Database (CMDB) using the Identification and Reconciliation engine (IRE) API. This approach helps prevent duplicate CIs by reconciling CI attributes and allowing only authoritative data sources to update the CMDB. If no matching CI is found, new CIs are created in specific unmatched or base classes depending on the available data and configuration.

Show full answer Show less

Key Features

IRE API Usage: Enables automated CI creation while avoiding duplicates and ensuring data integrity through reconciliation.
Unmatched CI Handling: When no match is found in discovered items or CMDB, CIs are created in the snseccmnunmatchedci class or other designated unmatched CI classes.
Exception Logging: Starting with Vulnerability Response v24.0.6, exceptions that block CI creation are logged in the Additional Information field to facilitate troubleshooting and corrective actions.
CI Classes for Unmatched Items: From Vulnerability Response v12.2 onward, unmatched assets are categorized into specific classes such as Unclassed Hardware, Incomplete IP Identified Device, and Cloud Resource based on available host information.
CMDB CI Class Models Plugin: Required to activate new CI classes; otherwise, unmatched CIs default to the Unmatched CI class.
Cloud Resource Classification: Starting with Vulnerability Response v20.0, unmatched cloud assets from scanners like Qualys, Rapid7, and Tenable can be assigned to Unclassed Hardware using a system property (snseccmn.unmatchedcloudresourceenabled).
Automatic Unmatched CI Usage: If the CMDB CI Class plugin is inactive or IRE throws exceptions, CIs default to the Unmatched CI class. The manual reclassify option from discovered items is disabled when IRE is active.

Practical Implications for ServiceNow Customers

Using the IRE API ensures cleaner CMDB data by preventing duplicate CIs and enforcing authoritative updates.
Activating the CMDB CI Class Models plugin allows leveraging new CI classes that better categorize unmatched assets based on the data available from scanners.
Monitoring the Additional Information field for exceptions helps identify and resolve issues hindering CI creation.
Configuring the system property for unmatched cloud resources enables appropriate classification of cloud assets, improving asset management and reporting.
Understanding the classification logic and CI classes helps in maintaining accurate and comprehensive CMDB records, especially when integrating third-party scanner data.

You can create configuration items (CIs) in the Configuration Management Database (CMDB) using the Identification and Reconciliation engine (IRE) API. By using the IRE API to create CIs, you can prevent duplicate CIs from being created and you can reconcile CI attributes by allowing only authoritative data sources to write to CMDB.

A CI class (table) is the original table name in the instance database. CMDB contains base system classes that store data about CIs.

Using IRE for CI creation

If a matched CI isn’t found either in the Discovered Items list or CMDB, a CI is created in the Unmatched CI class (sn_sec_cmn_unmatched_ci). For more information, see Unmatched CIs.

Starting with v24.0.6 of Vulnerability Response, if IRE encounters exceptions that prevent the creation of CIs, the specifics of these exceptions are recorded in the Additional Information field. By examining the details in this field, you can determine the root cause and implement the necessary corrections to ensure the CI is successfully created.

Starting with Vulnerability Response v12.2 to v18.0, if no match is found when the CI lookup rules are applied, the asset information is sent to IRE and a CI is created in one of the Unclassed Hardware and Incomplete IP Identified Device classes. Starting from Vulnerability Response v18.0, a new class, Cloud Resource is also included. For more information on how to configure the categorization of unmatched cloud resources into your preferred CI class, see Updating CI class for unmatched cloud assets.

CMDB CI classes

Note:

To use the new classes, activate the CMDB CI Class Models plugin. Otherwise, CIs are created in the Unmatched CI class.

If the host that you imported from a third-party scanner can't be found in the Discovered Items list or CMDB, it’s created in one of the following new CMDB CI classes.

Table 1. CMDB CI classes
CMDB CI Class	Description
Incomplete IP Identified Device (cmdb_ci_incomplete_ip)	CI is created in this table if only the IP address is available in the host information that is received from the scanner.
Unclassed Hardware (cmdb_ci_unclassed_hardware)	CI is created in this table if any of the following information is available in the host information that is received from the scanner: Host name IP address DNS NETBIOS MAC address Note: If the MAC address is available, the network adapter entry is created and related to the unclassed hardware CI. If both the IP and MAC addresses are available, the IP address CI is also created and related to the unclassed hardware CI.
Cloud Resource (cmdb_ci_cmp_resource)	CI is created in this table if Cloud Resource ID is available in the host information that is received from the scanner. Note: If the Asset Type of a scanner integration is Hybrid and the sn_sec_cmn.unmatched_cloud_resource_enabled system property is false, the CIs are created in the Unclassed Hardware class but not in the Cloud Resource class.

If the Identification and Reconciliation engine (IRE) is activated, the reclassify option from discovered items is not supported.

The system automatically uses an Unmatched CI class if one of the following occurs:

The CMDB CI Class plugin is not activated.
IRE raises an exception while creating a CI.
For more information, see Unmatched CIs.