Contents Security Operations Previous Topic Next Topic Rules for identifying configuration items from third-party integrations Subscribe Log in to subscribe to topics and get notified when content changes. ... SAVE AS PDF Selected Topic Topic & Subtopics Share Rules for identifying configuration items from third-party integrations When data is imported from a third-party integration, the host information is searched automatically for matches in the CMDB. When a host ID match is found, it is used as the Configuration item field in the vulnerable item record. If a match is not found, or the host ID field is empty, the rules use the other host information to correctly identify the CI. Note: CI lookup rules are available only for the Qualys and Rapid7version 6 vulnerability integrations. CI lookup rules can be domain separated and are source-specific.Note: CI lookup rules are shared by all deployments of the Qualys Vulnerability Integration. If a rule is deleted or modified, the deletion or changes affect all deployments of the Qualys Vulnerability Integration. When attempting a match, the first step is a vendor ID lookup for an exact match across source, source_instance, and vendor ID. Then, lookup rules are run in order, from lowest to highest and stop when a rule returns just a single CI as a match. CI lookup rules shipped with the Qualys Vulnerability Integration plugin [com.snc.vulnerability.qualys]. QUALYS HOST ID FQDN NetBIOS DNS IP CI lookup rules shipped with the Rapid7 version 6 vulnerability integration plugin [sn_vul_r7] MacAddress FQDN HostName IP Note: Rules, once removed, cannot be recovered. Rather than removing existing rules, deactivate them when creating new ones. Create a CI lookup ruleThe CI Lookup Rules module contains rules that define what fields have matching data in the CMDB. These rules are used to identify configuration items (CI)s and add them to the vulnerable item record to aid in remediation. Lookup rules are evaluated by lowest Order value first.Related conceptsVulnerability groups and group rules overviewUnderstanding Discovered ItemsUnderstanding vulnerability group and vulnerable item statesVulnerability calculator groups, vulnerability calculators, and the rollup calculatorRemediation target rulesDomain separation and Vulnerability ResponseTypes of ServiceNow integrations providedSecurity Operations Integration ConfigurationsTips for writing integrationsIntegration troubleshooting On this page Send Feedback Previous Topic Next Topic
Rules for identifying configuration items from third-party integrations When data is imported from a third-party integration, the host information is searched automatically for matches in the CMDB. When a host ID match is found, it is used as the Configuration item field in the vulnerable item record. If a match is not found, or the host ID field is empty, the rules use the other host information to correctly identify the CI. Note: CI lookup rules are available only for the Qualys and Rapid7version 6 vulnerability integrations. CI lookup rules can be domain separated and are source-specific.Note: CI lookup rules are shared by all deployments of the Qualys Vulnerability Integration. If a rule is deleted or modified, the deletion or changes affect all deployments of the Qualys Vulnerability Integration. When attempting a match, the first step is a vendor ID lookup for an exact match across source, source_instance, and vendor ID. Then, lookup rules are run in order, from lowest to highest and stop when a rule returns just a single CI as a match. CI lookup rules shipped with the Qualys Vulnerability Integration plugin [com.snc.vulnerability.qualys]. QUALYS HOST ID FQDN NetBIOS DNS IP CI lookup rules shipped with the Rapid7 version 6 vulnerability integration plugin [sn_vul_r7] MacAddress FQDN HostName IP Note: Rules, once removed, cannot be recovered. Rather than removing existing rules, deactivate them when creating new ones. Create a CI lookup ruleThe CI Lookup Rules module contains rules that define what fields have matching data in the CMDB. These rules are used to identify configuration items (CI)s and add them to the vulnerable item record to aid in remediation. Lookup rules are evaluated by lowest Order value first.Related conceptsVulnerability groups and group rules overviewUnderstanding Discovered ItemsUnderstanding vulnerability group and vulnerable item statesVulnerability calculator groups, vulnerability calculators, and the rollup calculatorRemediation target rulesDomain separation and Vulnerability ResponseTypes of ServiceNow integrations providedSecurity Operations Integration ConfigurationsTips for writing integrationsIntegration troubleshooting
Rules for identifying configuration items from third-party integrations When data is imported from a third-party integration, the host information is searched automatically for matches in the CMDB. When a host ID match is found, it is used as the Configuration item field in the vulnerable item record. If a match is not found, or the host ID field is empty, the rules use the other host information to correctly identify the CI. Note: CI lookup rules are available only for the Qualys and Rapid7version 6 vulnerability integrations. CI lookup rules can be domain separated and are source-specific.Note: CI lookup rules are shared by all deployments of the Qualys Vulnerability Integration. If a rule is deleted or modified, the deletion or changes affect all deployments of the Qualys Vulnerability Integration. When attempting a match, the first step is a vendor ID lookup for an exact match across source, source_instance, and vendor ID. Then, lookup rules are run in order, from lowest to highest and stop when a rule returns just a single CI as a match. CI lookup rules shipped with the Qualys Vulnerability Integration plugin [com.snc.vulnerability.qualys]. QUALYS HOST ID FQDN NetBIOS DNS IP CI lookup rules shipped with the Rapid7 version 6 vulnerability integration plugin [sn_vul_r7] MacAddress FQDN HostName IP Note: Rules, once removed, cannot be recovered. Rather than removing existing rules, deactivate them when creating new ones. Create a CI lookup ruleThe CI Lookup Rules module contains rules that define what fields have matching data in the CMDB. These rules are used to identify configuration items (CI)s and add them to the vulnerable item record to aid in remediation. Lookup rules are evaluated by lowest Order value first.Related conceptsVulnerability groups and group rules overviewUnderstanding Discovered ItemsUnderstanding vulnerability group and vulnerable item statesVulnerability calculator groups, vulnerability calculators, and the rollup calculatorRemediation target rulesDomain separation and Vulnerability ResponseTypes of ServiceNow integrations providedSecurity Operations Integration ConfigurationsTips for writing integrationsIntegration troubleshooting
