Identify all Resources/CIs affected by a security incident

If you know which resource (server, desktop or other configuration item) is behind a security incident and want to identify related resources and business services that might be affected, you can use the Business Service Management (BSM) map. The BSM map displays the upstream and downstream dependencies for a selected root CI.

Before you begin

Role required: admin or sn_si.admin

About this task

There are two methods you can use to view the BSM map for a CI: from the security incident form if you want to view CIs from the context of a task, or from the navigation bar if you do not want to view CIs from a task viewpoint.

Procedure

  1. From the Security Incident form, populate the Affected Resource field, and click the BSM map icon (Show CI map).
    The BSM map screen displays the map for the last incident you accessed in Incident Management or the last security incident you accessed in Security Incident Management.
    BSM map
  2. Click the icons next to an affected resource to view different kinds of details about the resource (server, desktop, or other CI). For example, click the alert icon () to view alerts associated with the CI.
    Note: To view a list of all of the available icons, click Filters above the BSM map and expand Filter Task Types.
  3. To arrange the map in different configurations, select any of the formats listed above the map (Vertical, Horizontal, Radial, and so forth), or you can click Filters to filter the map for easier viewing.
  4. If you opened the BSM map from the security incident form, you can add a dependent CI to the security incident by right-clicking the CI and selecting Add Affected CIs.
    You can also add multiple CIs at a time. Drag a box around the CIs you want to add, right-click the box, and select Add Affected CIs.
    The CIs are added to the Affected CIs related list of the security incident.