Identify all CIs affected by a security incident

If you know which configuration item (CI) is behind a security incident and want to identify other CIs that might be affected, you can use the Business Service Management (BSM) map. The BSM map displays the upstream and downstream dependencies for a selected root CI.

Before you begin

Role required: sn_si.admin or admin

About this task

You have these options for viewing the BSM map for a CI:
  • From the security incident form, if you want to view CIs from the context of a task.
  • From the application navigator, if you do not want to view CIs from a task viewpoint.

Procedure

  1. Open the BSM map using one of these methods:
    OptionAction
    From the security incident form In the Security Incident record form, populate the Affected CI field and click the show CI map icon (The show CI map icon).

    The system displays the CI and all its dependent CIs in the map.

    From the application navigator Navigate to Security Incident > Incidents > View BSM.

    The BSM map is created for the last incident you accessed in Incident Management or the last security incident you accessed in Security Incident Management.

  2. Click the icons next to a CI to view different kinds of details about the CI.

    For example, click the alert icon (The alert icon) to view alerts associated with the CI.

    Note: If you want to view a list of all of the available icons, click Filters above the BSM map and expand Filter Task Types.
  3. To rearrange the map, select any of the formats listed above the map (Vertical, Horizontal, Radial, and so forth).
  4. To filter the map for specific CIs, click Filters and configure the filter settings.
  5. If you opened the BSM map from the security incident form, you can add a dependent CI to the security incident by right-clicking the CI and selecting Add Affected CIs.
    You can also add multiple CIs at a time. Drag a box around the CIs you want to add, right-click the box, and select Add Affected CIs.
    The CIs are added to the Affected CIs related list of the security incident.