Identification Rule Selection
As mentioned in the Third-Party Asset Import Workflow, after the connectors are created for the respective connector sources such as Webhook, Active Directory, and ServiceNow, specify the Asset Identification Rule for the connector from the Connectors application.
- The third-party asset identification rules are created in CSAM based on the required attributes, connector sources, and connectors.
- The Webhook, Active Directory, and ServiceNow connector sources and their respective connectors are created from the Connectors application. For more information, see Connectors Online Help.
The assets are discovered based on the Identification Rules selected for the respective connector.
Identification Rules Logic for Asset Merge
Learn more about how the identification rules logic works and the newly identified asset is merged with the existing asset.
See the "Select Identification Rules" screen capture from the Connectors application:
By default, the asset identification rules created by the user and the default asset identification rules are shown. If you don't want to choose the specific rules, turn off the toggles next to them. But ensure that at least one rule is selected.
Logic 1: Identify and merge single-match assets
The identification attributes criteria matching is done sequentially. When the newly identified asset matches one of the selected identification attributes criteria and a single asset match is found, and the asset is merged with the existing asset. If the newly identified asset matches the first criterion and a single asset match is found, the other identification attribute criteria are skipped.
Logic 2: Create unmanaged assets when no single match assets are found
If the newly identified asset doesn't match any of the selected rules, and the Create unmanaged asset checkbox is selected, a new unmanaged asset is created. If the checkbox is not selected, the asset is skipped and not shown in the asset inventory.
Logic 3: Apply default rule when multiple asset matches are found
Note: As per the implementation, firstly, finding the asset single match is done based on the selected identification attributes criteria. If no single asset match is found, the asset multi-match found from the last selected identification attributes criterion in the sequence is considered, and the "Apply default rule" logic is applied.
Asset multi-match found for newly identified asset
The Apply default rule checkbox is selected
The Create unmanaged asset checkbox status can be selected or cleared.
Result: The tracking methods of the newly identified asset and the existing CSAM assets are analyzed.
- The newly identified asset is merged with one of the existing CSAM assets according to the predefined top-prioritized asset tracking method.
- If the tracking method for the existing CSAM assets is the same, then the newly identified asset is merged with the one synced latest.
Asset multi-match found for newly identified asset
The Apply default rule checkbox is not selected
the Create unmanaged asset checkbox is selected.
Result: An unmanaged asset is created.
Asset multi-match found for newly identified asset
The Apply default rule checkbox is not selected
the Create unmanaged asset checkbox is not selected.
Result: The newly identified is neither merged nor an unmanaged asset created. It's skipped.
What Happens Next?
- Asset IdentificationAsset Identification
Based on the single-match and multi-match logic, asset identification is done by connectors.
Note: For Webhook, The CSAM APIs are required to establish a connection with any third-party service. In the case of Webhook connectors, you must send the API request to identify or discover the assets and bring them to the CSAM inventory.
- Asset Import in CSAM InventoryAsset Import in CSAM Inventory
After the assets are discovered based on the asset identification rules selected for the respective connector, they are merged and imported into the CSAM inventory. For more information, refer to the "Third-Party Assets into CSAM Inventory" section from Creating Asset Identification Rules topic.
What to do Next?
1. Reconciliation Rules Configuration
2. Purge Rule Creation (To purge the third-party assets discovered by Webhook, ServiceNow, and Active Directory connectors.)