Configure Reconciliation Rule

As mentioned in the Third-Party Asset Import Workflow, configuring the Reconciliation Rule comes into the picture after the third-party assets are scanned or discovered by various connectors, such as Webhook, Active Directory, and ServiceNow, and imported to the CyberSecurity Asset Management (CSAM) inventory.

The Reconciliation Rules are essential when you want to merge assets that come from Qualys native sensors like Qualys agent or scanner when there are assets already identified by the third-party sources before they are discovered again through a different schedule.

Scenario  - During asset sync or asset discovery, the same IP address may be discovered through different scans. For example, the IP and ServiceNow scan identifies two assets with the same IP address. One asset was found from a ServiceNow scan before the IP scan.

If so, you can merge such assets into a managed asset by configuring and running the Reconciliation Rule. 

Complete the following steps to configure and execute the Reconciliation Rule:

1.  Navigate to the Rules > Reconciliation Rules tab, and click Configure from the "Quick Actions" menu. 

Reconciliation Rules (Beta) tab.

2.  Click On Demand or Recurring as per your requirement, and click Save.

     -  Recurring: When you configure the reconciliation rule for the first time and set it as recurring, the reconciliation occurs immediately after 5 min. The subsequent reconciliations take place after every 24 hours. 

The value in the Type column is mentioned as Schedule.

     -  On Demand: The reconciliation rule executes on demand. When you configure the reconciliation rule for the first time, the Run Now option is shown, and you can select it. 

You chose to configure the reconciliation rule to run on-demand, and you want to execute or run it for the next time. The Run Now option is available for use only when the date and time from the LAST EXECUTED ON column and the current date and time have a 24-hour difference. Else, it appears dimmed.

The value in the Type column is mentioned as On Demand.

What to do Next?

Create a purge rule to purge the third-party assets discovered by connectors, such as Webhook, ServiceNow, and Active Directory.

Related Link

Third-Party Asset Import in CSAM