
Rules for identifying configuration items from third-party vulnerability integrations


When data is imported from a third-party integration, the host information is searched automatically for matches in the Configuration Management Database (CMDB). When a host ID match is found, it is used as the configuration item field in the vulnerable item record. If a match is not found, or the host ID field is empty, the rules use the other host information to correctly identify the configuration item (CI).

Note: CI lookup rules are available only for the Qualys and Rapid7 vulnerability integrations.
CI lookup rules can be domain separated and are source-specific.
Note: CI lookup rules are shared by all deployments of the vulnerability integration. If a rule is deleted or modified, the deletion or changes affect all deployments of the vulnerability integration.
When attempting a match, the first step is a vendor ID lookup for an exact match across source, source_instance, and vendor ID. Then the lookup rules run in order, from lowest to highest, and stop as soon as a rule returns exactly one CI as a match.
Note: To avoid matching on low-level networking elements, if a matched CI is one of dscy_switchport, cmdb_ci_network_adapter, cmdb_ci_nic, or cmdb_ci_ip_address, the parent CI is returned.

Starting with Vulnerability Response v9.0, a system property to exclude CI classes is available. This property is not available with upgrade. See Ignore CI classes for information and instructions on setting the property.

To make it easier to find matching issues, when a match is found, the CI lookup rule used to find it is added to the Discovered Item record in the CI matching rule field.
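The matching order described above (vendor ID lookup, ordered rules, parent substitution, recording of the rule that matched) can be modelled as follows. This is an added sketch, not ServiceNow's code: the in-memory CMDB, the `order` values, the field names, the `source` strings and the "vendor ID" label are all assumptions made for illustration.

```javascript
// Constructed in-memory stand-in for the CMDB; every record and field name is hypothetical.
const CMDB = [
  { id: "ci-web01", cls: "cmdb_ci_linux_server", fqdn: "web01.example.test", ip: "10.0.0.5" },
  { id: "ci-db01", cls: "cmdb_ci_linux_server", fqdn: "db01.example.test", ip: "10.0.0.9" },
  { id: "ci-db01-old", cls: "cmdb_ci_linux_server", fqdn: "db01.example.test", ip: "10.0.0.77" },
  { id: "ci-nic7", cls: "cmdb_ci_nic", mac: "00:11:22:33:44:55", parent: "ci-web01" },
];
// Constructed store of known vendor IDs, keyed by source|source_instance|vendor ID.
const VENDOR_IDS = { "Qualys|inst-a|12345": "ci-web01" };
// Low-level networking classes named on this page.
const LOW_LEVEL = new Set(["dscy_switchport", "cmdb_ci_network_adapter",
  "cmdb_ci_nic", "cmdb_ci_ip_address"]);
// Hypothetical rule set: each rule compares one host field with the same CI field.
const RULES = [
  { order: 300, name: "IP", active: true, field: "ip" },
  { order: 100, name: "MacAddress", active: true, field: "mac" },
  { order: 200, name: "FQDN", active: true, field: "fqdn" },
];

// A matched low-level networking CI is replaced by its parent CI.
function resolveParent(ci) {
  if (LOW_LEVEL.has(ci.cls) && ci.parent) return CMDB.find(c => c.id === ci.parent);
  return ci;
}

function matchHost(host) {
  // Step 1: exact match across source, source_instance and vendor ID.
  const key = [host.source, host.source_instance, host.vendor_id].join("|");
  if (host.vendor_id && VENDOR_IDS[key]) {
    return { ci: VENDOR_IDS[key], rule: "vendor ID" }; // label is a placeholder
  }
  // Step 2: active rules, lowest order first; stop at the first rule returning exactly one CI.
  const ordered = RULES.filter(r => r.active).sort((a, b) => a.order - b.order);
  for (const rule of ordered) {
    const value = host[rule.field];
    if (!value) continue; // host record lacks this field
    const hits = CMDB.filter(c => c[rule.field] === value);
    // Zero hits or an ambiguous result (two or more CIs) falls through to the next rule.
    if (hits.length === 1) return { ci: resolveParent(hits[0]).id, rule: rule.name };
  }
  return { ci: null, rule: null }; // unmatched
}
```

The third sample record shows why duplicate CMDB entries matter: a duplicated FQDN makes the FQDN rule ambiguous, so the match silently falls through to the weaker IP rule.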

These Qualys CI lookup rules are shipped with the system.
  • QUALYS HOST ID
  • FQDN
  • NetBIOS
  • DNS
  • IP
These Rapid7 CI lookup rules are shipped with the system.
  • MacAddress
  • FQDN
  • HostName
  • IP
Note: Rules, once removed, cannot be recovered. Rather than removing existing rules, deactivate them when creating new ones.