
Rules for identifying configuration items from third-party integrations


When data is imported from a third-party integration, the host information is searched automatically for matches in the CMDB. When a host ID match is found, it is used as the Configuration item field in the vulnerable item record. If a match is not found, or the host ID field is empty, the rules use the other host information to correctly identify the CI.

Note: CI lookup rules are available only for the Qualys and Rapid7 version 6 vulnerability integrations.
CI lookup rules can be domain separated and are source-specific.
Note: CI lookup rules are shared by all deployments of the Qualys Vulnerability Integration. If a rule is deleted or modified, the deletion or changes affect all deployments of the Qualys Vulnerability Integration.

When attempting a match, the first step is a vendor ID lookup for an exact match across source, source_instance, and vendor ID. Then, lookup rules are run in order, from lowest to highest, and processing stops when a rule returns just a single CI as a match.

CI lookup rules shipped with the Qualys Vulnerability Integration plugin [com.snc.vulnerability.qualys].
  • QUALYS HOST ID
  • FQDN
  • NetBIOS
  • DNS
  • IP
CI lookup rules shipped with the Rapid7 version 6 vulnerability integration plugin [sn_vul_r7].
  • MacAddress
  • FQDN
  • HostName
  • IP
Note: Rules, once removed, cannot be recovered. Rather than removing existing rules, deactivate them when creating new ones.
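
The matching sequence described above (exact vendor ID lookup, then active rules run from lowest to highest until one returns a single CI) can be modeled as follows. This is an added example in plain JavaScript, not ServiceNow code or platform APIs; the CMDB records, field names, order values, and the `identifyCi` function are constructed for illustration.

```javascript
// Illustrative model only: plain JavaScript, not ServiceNow script APIs.
// All records, field names and order values below are constructed.
const cmdb = [
  { sys_id: 'ci-1', fqdn: 'web01.example.com', netbios: 'WEB01', ip: '10.0.0.5' },
  { sys_id: 'ci-2', fqdn: 'web02.example.com', netbios: 'WEB02', ip: '10.0.0.5' }, // shares an IP with ci-1
  { sys_id: 'ci-3', fqdn: 'db01.example.com', netbios: 'DB01', ip: '10.0.0.9' },
];

// Previously recorded vendor IDs, keyed by source | source_instance | vendor ID.
const vendorIds = new Map([['Qualys|instance-a|12345', 'ci-3']]);

// Hypothetical rule set: each rule compares one imported host field to one CI field.
const rules = [
  { name: 'IP', order: 500, active: true, hostField: 'ip', ciField: 'ip' },
  { name: 'FQDN', order: 200, active: true, hostField: 'fqdn', ciField: 'fqdn' },
  { name: 'NetBIOS', order: 300, active: true, hostField: 'netbios', ciField: 'netbios' },
  { name: 'DNS', order: 400, active: false, hostField: 'dns', ciField: 'fqdn' }, // deactivated, not deleted
];

function identifyCi(host) {
  // Step 1: exact match across source, source_instance and vendor ID.
  const key = `${host.source}|${host.source_instance}|${host.vendor_id}`;
  if (host.vendor_id && vendorIds.has(key)) {
    return { ci: vendorIds.get(key), matchedBy: 'vendor ID' };
  }
  // Step 2: run active rules from lowest to highest order.
  const ordered = rules.filter((r) => r.active).sort((a, b) => a.order - b.order);
  for (const rule of ordered) {
    const value = host[rule.hostField];
    if (!value) continue; // the import carried no data for this rule
    const hits = cmdb.filter((ci) => ci[rule.ciField] === value);
    // Only a single CI ends the search; zero or several hits fall through.
    if (hits.length === 1) return { ci: hits[0].sys_id, matchedBy: rule.name };
  }
  return { ci: null, matchedBy: null }; // no rule produced a unique match
}
```

In this model a host known only by the shared address 10.0.0.5 stays unmatched, because the IP rule returns two CIs and a rule ends the search only when it returns one.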