Steps to help prevent duplicate or orphaned records after running Vulnerability Response CI lookup rules

  • Release version: Zurich
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Steps to help prevent duplicate or orphaned records after running Vulnerability Response CI lookup rules

    This guidance helps ServiceNow customers prevent duplicate or orphaned configuration item (CI) records in the CMDB when importing vulnerability data using Vulnerability Response CI Lookup Rules. Poorly constructed rules can cause performance issues and lengthy processing times. Careful testing, analysis, and cleanup are essential to maintain data integrity and system performance.

    Show full answer Show less

    Key Steps to Prevent Duplicate or Orphaned Records

    • Test with Small Data Subsets: Use focused, small subsets of data specific to the CI Lookup Rule under test. Deactivate all other CI Lookup Rules to isolate testing.
    • Analyze Matched CIs: Examine matched versus unmatched CIs to ensure an acceptable match percentage. Perform manual searches to identify naming or field issues and refine matching rules as needed.
    • Review Unmatched CIs: Group unmatched CIs by class to identify unexpected entries (e.g., certificates, network cards). Determine whether classes should be excluded or reclassified and review CI states such as Retired.
    • Remove Test Data: Once expected matching behavior is confirmed, delete test data from relevant tables (Discovered Items, Vulnerable Items, Remediation tasks) and rerun CI Matching rules to ensure a clean state.

    Deleting Data from Tables

    If imported data is incorrect, customers can remove it using several methods, each requiring ServiceNow expertise:

    • Delete All Records via Table Configuration
    • Use Table Cleaner through Auto Flushes (sysautoflush.list)
    • Truncate tables with background scripts (with rollback disabled)

    Important: Avoid using truncateTable in production environments and consult ServiceNow Support before large deletions in production or shared environments.

    Additional Resources

    • Articles on CI Lookup Rules integration with Qualys and Rapid7 for detailed configuration guidance
    • Related tasks such as de-duplicating existing CIs, reclassifying unmatched CIs, reconciling discovered items, and resolving remediation tasks

    Take steps to help prevent duplicate or orphan records resulting from matching (configuration items (CIs) within the CMDB.

    Importing vulnerability data can be taxing on an instance and performance issues with resources can occur if rules are not carefully constructed. The logic used to iterate through and perform matching within the CMDB can result in lengthy processing times. Thorough testing and debugging of processing scripts in the rules helps alleviate the potential of issues later in the process.

    Preventing duplicate or orphaned records

    • Use small subsets of data that are specific to the CI Lookup Rule being tested.
      • Set all CI Lookup Rules, other than the one being tested, to Inactive.
      • Analyze the imported CIs to ensure that you are observing the expected behavior and matching is occurring properly.
    • Review Matched CIs
      • Examine the count of matched vs unmatched CIs. Ensure that the percentage is acceptable. Don’t just look at the first page, that is likely the first one inserted.
      • Manually search for some CIs.
      • Check to see if there are any naming or field problems (such as searching for a specific domain).

        If it seems appropriate, add additional matching rules.

    • Review Unmatched CIs
      • Navigate to the Unmatched CIs table.
      • Group by Configuration Item class.
      • Review any classes that don’t look right (certificates, network cards, images).
        • Figure out why didn’t they match the correct CI?
        • Should the class be excluded?
        • Should the class be elevated to a related class?
    • Review CI states such as Retired.
    • Remove Test Data
      • Once you begin to observe the correct or expected behavior in CI matching, start over.
      • Start over by: Deleting the data used for testing: (see the Deleting data from tables section)
        • Discovered Items
        • Vulnerable Items
        • Remediation tasks
      • Manually rerunning all the CI Matching rules.

    For more information on CI Lookup Rules and Qualys, see the KB0750656 article.

    For more information on CI Lookup Rules and Rapid7, see the KB0818096.

    Deleting data from tables

    Sometimes you have imported data and realize something is wrong. If something is wrong in a development or performance environment, you could reclone from a better environment, but that isn’t always an option.
    Note:
    Performing these actions requires ServiceNow expertise.
    There are four options for deleting data from tables:
    • Using Delete All Records on Table Configuration.
    • Configure the Table Cleaner by navigating to Auto Flushes (sys_auto_flush.list) and creating a new Auto-flush record.
    • Truncate the gs.truncateTable using a background script.

      Using truncateTable requires turning off the record for rollback check box in the background scripts. Otherwise, a copy of the table and related cascade tables are created, take too long, and most likely fail.

      Note:
      Never use truncateTable in a production environment. Consult you Support representative before executing large deletions in production or shared environments.