Vulnerability Response - Discovered Items with Decommissioned CIs Not Rematching During CI Lookup Rule ReapplyIssue <!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Discovered items fail to rematch to correct configuration items when reapplying CI lookup rules if the associated CI is in a "CI Decommissioned" state. Symptoms<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Discovered items remain associated with incorrect or outdated CIs after reapplying lookup rulesSource data shows correct FQDN but discovered item fields (Fully Qualified Domain Name, IP Address, MAC Address) display values from wrong CIReapply CI lookup rules action does not update CI association for discovered items linked to decommissioned CIsDiscovered items with substate "CI Decommissioned" are skipped during rule reapplicationVulnerable Item Tasks (VITs) contain incorrect CI associations due to discovered item mismatchCI lookup rules do not consider decommissioned CIs as valid match targets by default Facts<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Starting with Vulnerability Response v24.0.6, system property "sn_sec_cmn.skipItemsWithCIDecommissioned" controls whether discovered items with decommissioned CIs are included in lookup rule reapplicationSystem property sn_sec_cmn.filterOutDecommissionedCI controls whether decommissioned CIs are considered as valid match targets during CI lookupBoth properties default to true, excluding decommissioned items from lookup processingDiscovered items retain their original CI association even when source data indicates a different CI should matchFields displayed on discovered item form (FQDN, IP Address, MAC Address) pull values from the associated CI record, not from source dataWhen CI names change or CIs are decommissioned, discovered items may continue pointing to the old CI unless rules are reapplied with appropriate property settingsReapply CI lookup rules only processes items scanned within the last 90 days based on scan date columns Release<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Yokohama and subsequent releases (Vulnerability Response v24.0.6 and later) Cause<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } By default, the Vulnerability Response application excludes decommissioned CIs and their associated discovered items from CI lookup rule processing. When "sn_sec_cmn.skipItemsWithCIDecommissioned" is enabled (true), discovered items with substate "CI Decommissioned" are skipped during rule reapplication. Additionally, when "sn_sec_cmn.filterOutDecommissionedCI" is enabled (true), decommissioned CIs are filtered out as potential match targets. This prevents discovered items from rematching to correct CIs even when source data indicates a valid match should occur. Resolution<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } For Administrators - Enable Reapplication for Decommissioned Items: To allow discovered items associated with decommissioned CIs to participate in CI lookup rule reapplication: Navigate to System Properties > sys_properties.LISTSet the following system properties to false: sn_sec_cmn.skipItemsWithCIDecommissioned = false sn_sec_cmn.filterOutDecommissionedCI = false Click Update to save the property changesNavigate to All > Security operations > CMDB > Discovered ItemsSelect the discovered items that need rematchingClick Action on selected rowsSelect Reapply CI lookup rulesClick View status to monitor the background job progressVerify the discovered items now associate with the correct CIs Important Notes: Setting sn_sec_cmn.skipItemsWithCIDecommissioned to false allows discovered items with decommissioned CIs to be processed during rule reapplicationSetting sn_sec_cmn.filterOutDecommissionedCI to false allows decommissioned CIs to be considered as valid match targetsBoth properties must be set to false to fully enable rematching for decommissioned itemsReapply CI lookup rules only processes discovered items scanned within the last 90 daysFields displayed on discovered items (FQDN, IP Address, MAC Address) pull from the associated CI record, not directly from source dataAfter successful rematching, vulnerable item tasks (VITs) will update with the correct CI associations Best Practice: After resolving the immediate matching issues, consider reverting the properties to their default values (true) to maintain standard filtering behavior for decommissioned items in future operations. Verification Steps: Open the affected discovered item recordVerify the Configuration item field now references the correct CICheck that Fully qualified domain name, IP Address, and other fields match the source dataReview associated vulnerable item tasks to confirm they reference the correct CI