Configure Reconciliation Rule
Click to view navigation pane


Configure Reconciliation Rule

As mentioned in the Third-Party Asset Import Workflow, configuring the Reconciliation Rule comes into the picture after the third-party assets are scanned or discovered by various connectors, such as Webhook, Active Directory, and ServiceNow, and imported to the CyberSecurity Asset Management (CSAM) inventory.

Note: The "Third-Party Asset Import" is a new Beta feature in the early stage and is available only for CSAM full and trial users. The Reconciliation Rule is also part of this feature. The feature is available only on a request basis. Contact your Technical Account Manager (TAM) for more information.

The Reconciliation Rules (Beta) are essential when you want to merge assets that come from Qualys native sensors like Qualys agent or scanner when there are assets already identified by the third-party sources before they are discovered again through a different schedule.

Scenario  - During asset sync or asset discovery, the same IP address may be discovered through different scans. For example, the IP and ServiceNow scan identifies two assets with the same IP address. One asset was found from a ServiceNow scan before the IP scan.

If so, you can merge such assets into a managed asset by configuring and running the Reconciliation Rule. 

Complete the following steps to configure and execute the Reconciliation Rule:

1.  Navigate to the Rules > Reconciliation Rules (Beta) tab, and click Configure from the "Quick Actions" menu. 

Reconciliation Rules (Beta) tab.

2.  Click On Demand or Recurring as per your requirement, and click Save.

     -  Recurring: When you configure the reconciliation rule for the first time and set it as recurring, the reconciliation occurs immediately after 5 min. The subsequent reconciliations take place after every 24 hours. 

The value in the Type column is mentioned as Schedule.

     -  On Demand: The reconciliation rule executes on demand. When you configure the reconciliation rule for the first time, the Run Now option is shown, and you can select it. 

You chose to configure the reconciliation rule to run on-demand, and you want to execute or run it for the next time. The Run Now option is available for use only when the date and time from the LAST EXECUTED ON column and the current date and time have a 24-hour difference. Else, it appears dimmed.

The value in the Type column is mentioned as On Demand.

What to do Next?

Create a purge rule to purge the third-party assets discovered by Webhook, ServiceNow, and Active Directory connectors.

Related Link

Third-Party Asset Import in CSAM