How to improve CMDB coverage with Axonius

Jul 23, 20254 min

A CMDB is supposed to answer one simple question: What’s in our environment?

But in reality, most CMDBs can’t answer that with confidence. Assets go missing. Data gets stale. Conflicting details creep in. And before long, your “single source of truth” is more like “a decent guess.”

Why? Because CMDBs weren’t built for today’s cybersecurity challenges.

They originated as a way to track infrastructure dependencies, helping IT teams understand which servers, load balancers, and systems support specific services. Over time, CMDBs tried to evolve — adapting to virtualization, cloud, and DevOps —  but they weren’t designed to support the real-time needs of modern security.  

According to Gartner:

“The proliferation of ephemeral assets and hybrid multicloud systems is making conventional asset detection and dependency mapping obsolete.”

You’ve made a huge investment in your CMDB. Don’t rip it out. Fix the foundation.

Axonius fills in the gaps.

By connecting to over 1,200 data sources, Axonius allows you to identify missing assets, resolve inconsistencies, and automate updates to keep your CMDB clean. You can finally make your CMDB work the way you always intended: complete, accurate, and truly useful.

Here’s a clear, step-by-step look at how you can use Axonius to clean up your CMDB and keep it that way.

Watch James Flores walk through how to improve CMDB coverage. Keep reading for a full breakdown.

Step 1: See what’s in, and missing from, your CMDB

A CMDB is only as good as the data it receives. But most are limited to a small handful of data sources, leaving entire categories of assets untracked, especially BYOD devices, unmanaged endpoints, ephemeral cloud resources, or tools siloed within other teams.

Axonius connects to your entire stack — identity, EDR, MDM, patch management, cloud, and beyond — to give you a unified view of every asset, whether or not it made it into your CMDB.

Put it into practice:

To get a baseline of what’s missing, start by identifying which devices in your environment aren’t represented at all in the database.

  • Filter for: OS Type = Windows

  • AND: NOT exists in ServiceNow

  • Optional: Add Last Seen ≤ 7 days to focus on active devices

This query highlights unmanaged devices that are present in other tools, like AD, CrowdStrike, or an MDM, but missing from your CMDB. Once identified, these can be reviewed and added automatically using Axonius Enforcement Center.

Step 2: Reconcile bad or conflicting data

Sometimes, the problem isn’t what’s missing. It’s what’s wrong.

Maybe your CMDB shows two different MAC addresses for the same device. Maybe it lists something as retired, but it’s still active on the network. Or maybe entire fields, like install status or assigned owner, are just blank.

With Axonius, you can easily compare asset data across sources and flag:

  • Conflicting fields (e.g., mismatched IPs or hostnames)

  • Missing attributes (e.g., install status, owner, location)

  • Outdated records (e.g., assets marked "retired" but still online)

Put it into practice:

  • Filter for: Exists in ServiceNow

  • AND: Install Status = null

  • OR: MAC address = null

  • OR: Device Status = Retired

  • AND: Last Seen ≤ 14 days

This helps you surface devices that are misclassified, incomplete, or actively misleading your operations.

Step 3: Automate the cleanup (and keep it that way)

Reconciliation isn’t a one-time project. It has to be continuous.

Using the Axonius Enforcement Center, you can:

  • Map fields from your trusted tools into your CMDB

  • Decide which data sources to prioritize for each field

  • Tailor workflows to fit your processes—create-only, update-only, or both

  • Keep things up to date with scheduled, recurring actions

  • Push updates into ServiceNow, email, CSV export, or cloud storage

Put it into practice:

You’ve identified assets with missing or outdated fields. Now it’s time to fix them at scale, without spreadsheets or manual entry.

  • Query: Devices missing Install Status but seen in the last 14 days

  • Action: Update Install Status in ServiceNow using data from JAMF

  • Map additional fields like hostname, serial number, and OS type

  • Schedule the action to run weekly

This simple enforcement flow ensures your CMDB stays current and trustworthy, even as your environment changes.

Bonus: Make progress visible

It’s one thing to do the work. It’s another thing to show the impact.

With Axonius, you can build dashboards that visualize:

  • CMDB completeness over time

  • Field enrichment gaps by asset class

  • Adapter reliability by attribute

  • Trends in asset creation and updates

You can also set up alerts for:

  • A spike in failed enforcement actions

  • A drop in CMDB completeness

  • Surges in newly discovered assets not yet represented

These reports help show stakeholders where progress is being made and where attention is still needed.

Power better decisions with a stronger CMDB

CMDBs aren’t broken. They’re just under-supported.

With Axonius, you can turn your CMDB into the system of truth you always wanted, without the grunt work you always hated.

Say goodbye to stale records, conflicting fields, and missing devices. Say hello to the kind of visibility you can actually act on.

Get a product demo or speak with a representative today and learn how Axonius can help you turn your CMDB into a reliable, real-time foundation for action.

Categories

  • Asset Management
  • Endpoint and IoT Security
Get Started

Get Started

Discover what’s achievable with a product demo, or talk to an Axonius representative.

  • Request a demo
  • Speak with Sales