Create a CI lookup rule

The CI Lookup Rules module contains rules that are used to find the matching record for host information received during third-party vulnerability integration imports. The host information is matched with the discovered items, unmatched configuration item classes, and the Configuration Management Database (CMDB).

Before you begin

Role required: v10.3 sn_vul.vulnerability.admin or sn_vul.admin (deprecated)

Starting with v10.3, persona and granular roles are available to help you manage what users and groups can see and do in the Vulnerability Response application. For initial assignment of the persona roles in Setup Assistant, see Assign the Vulnerability Response persona roles using Setup Assistant. For more information about managing granular roles, see Manage persona and granular roles for Vulnerability Response.

About this task

Creating CI lookup rules requires advanced ServiceNow and Vulnerability Response expertise. Rather than modifying one of the existing lookup rules, consider copying it and modifying the copy. When you are satisfied that the new rule does what you want, deactivate the original.

Note: Rules, once removed, cannot be recovered. Rather than removing existing rules, deactivate them when creating new ones.

Procedure

Navigate to Security Operations > CMDB > CI Lookup Rules.
Click New.

On the form, fill in the fields.

Table 1. CI lookup rule form
Field	Description
Name	Name of the rule.
Lookup method	Method used for matching. Choices are: Script: Pre-built (IP address, DNS name, and so on) or custom script. Field matching: Search on table or field in the CMDB.
Type	Type used with the Script Lookup method.
Order	Order of precedence for the rule. Rules with the lowest order are evaluated first.
Active	Check box for whether the rule is active or disabled.
Source	Source used as input to this rule.
Source field	Source field used as input to this rule. Select any field, but it is treated as a string value.
Version 12.0: Condition	Condition based on which the CI lookup rule is applied. This condition depends on the attribute from the third-party scanner. Note: The asset attribute is a part of the payload. It is received from the third-party scanner. See the Discovered Items table for payload examples.
Script	Editable sample script, based on the Type, is shown. Implement the custom script following the comments included in the template of the default function. Note: The process function has three parameters: rule, sourceValue, and sourcePayload
Search on table	Table to search within the CMDB. Used with field matching Lookup Method.
Search on field	Field that contains information that can be used to locate a CI. Used with the field matching Lookup method. This field may be on the CI record, or on a related record, such as a network adapter.

Click Submit.

For more information implementation information for CI Lookup Rules see, Prevent duplicate or orphaned records after running Vulnerability Response CI lookup rules.

Figure 1. Example of a CI lookup rule using a condition builder for V12.0

Figure 2. Example of a CI lookup rule using a script

Create a CI lookup rule

Before you begin

Role required: v10.3 sn_vul.vulnerability.admin or sn_vul.admin (deprecated)

About this task

Note: Rules, once removed, cannot be recovered. Rather than removing existing rules, deactivate them when creating new ones.

Procedure

Navigate to Security Operations > CMDB > CI Lookup Rules.
Click New.

On the form, fill in the fields.

Table 1. CI lookup rule form
Field	Description
Name	Name of the rule.
Lookup method	Method used for matching. Choices are: Script: Pre-built (IP address, DNS name, and so on) or custom script. Field matching: Search on table or field in the CMDB.
Type	Type used with the Script Lookup method.
Order	Order of precedence for the rule. Rules with the lowest order are evaluated first.
Active	Check box for whether the rule is active or disabled.
Source	Source used as input to this rule.
Source field	Source field used as input to this rule. Select any field, but it is treated as a string value.
Version 12.0: Condition	Condition based on which the CI lookup rule is applied. This condition depends on the attribute from the third-party scanner. Note: The asset attribute is a part of the payload. It is received from the third-party scanner. See the Discovered Items table for payload examples.
Script	Editable sample script, based on the Type, is shown. Implement the custom script following the comments included in the template of the default function. Note: The process function has three parameters: rule, sourceValue, and sourcePayload
Search on table	Table to search within the CMDB. Used with field matching Lookup Method.
Search on field	Field that contains information that can be used to locate a CI. Used with the field matching Lookup method. This field may be on the CI record, or on a related record, such as a network adapter.

Click Submit.

For more information implementation information for CI Lookup Rules see, Prevent duplicate or orphaned records after running Vulnerability Response CI lookup rules.

Figure 1. Example of a CI lookup rule using a condition builder for V12.0

Figure 2. Example of a CI lookup rule using a script

How search works:

Topics are ranked in search results by how closely they match your search terms

Create a CI lookup rule

Create a CI lookup rule

On this page

Create a CI lookup rule

Create a CI lookup rule

Log in to personalize your search results and subscribe to topics