Service Mapping in Vulnerability Response

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Service Mapping in Vulnerability Response

    Service mapping provides organizations with a clear view of their IT infrastructure, illustrating how various components interact. In the context of Vulnerability Response, it facilitates the automatic discovery and mapping of services and applications, highlighting dependencies and relationships between configuration items (CIs) and vulnerable items (VITs).

    Show full answer Show less

    Key Features

    • Scheduled Job for CI Services: The job "Set related CI services" connects affected business services to associated CIs. This process occurs post-integration import and at specified times.
    • Risk Score Calculation: Risk scores are now derived from the output of the scheduled job, using data stored in the Related Services [snvulm2mciservices] table.
    • Service Value and Depth Adjustments: The maximum size of services has decreased from 1000 to 500, and the maximum depth from 10 to 5, optimizing performance.
    • CMDB Class Exclusions: A new property allows skipping certain CMDB classes during service calculations, such as unclassified hardware and incomplete IPs, which may not have service mappings.
    • Full Refresh Scheduled Job: An on-demand job is available for a complete refresh of services, accommodating users needing to reflect recent changes in CIs.

    Key Outcomes

    With these enhancements, customers can expect improved performance in service mapping within Vulnerability Response. The adjustments allow for more efficient risk calculation, better management of service associations, and the ability to quickly update mappings as infrastructure changes occur. This ultimately leads to more effective vulnerability management and a clearer understanding of service dependencies.

    Service mapping helps organizations gain a comprehensive understanding of your IT infrastructure and the relationships between various components. It enables automatic discovery and mapping of services, applications, and infrastructure components, providing a visual representation of the dependencies and relationships.

    In Vulnerability Response, the scheduled job Set related CI services establishes connections between the affected business services and the configuration items (CIs) associated with the vulnerable items (VITs). The linking process takes place once the integration import is finished and at a designated time. To enhance the performance of this scheduled job, several changes have been implemented beginning with v21.1.2 of Vulnerability Response. They are:
    • Risk score calculation: The process of calculating risk scores involves the utilization of the Set related CI services scheduled job. Once the CI is processed, this job stores the necessary data in the Related Services [sn_vul_m2m_ci_services] table. Previously, in Configuration Compliance, risk calculation involved directly accessing the Configuration Management Database (CMDB) Application Programming Interface (API) CIUtils to retrieve services for each test result during import. However, the current process relies on the output of the scheduled job from the Related Services [sn_vul_m2m_ci_services] table to calculate the risk score in Configuration Compliance. Additionally, the base system calculator has been modified to utilize the Related Services [sn_vul_m2m_ci_services] table.
    • Size of services: The service value in the system property sn_sec_cmn.services_affected_by_CI_max_size, which is related to the Set related CI services scheduled job is decreased from 1000 to 500.
    • Depth of services: The depth in the system property sn_sec_cmn.services_affected_by_CI_max_depth, which is related to the Set related CI services scheduled job is reduced from 10 to 5. The service value is also decreased from 1000 to 500.
    • Exclusion of CMDB classes: A system property sn_sec_cmn.ignoreCIClassForService has been introduced to enable configuration of CMDB classes for which service calculation should be skipped. In the base system, this property is set for cmdb_ci_unclassed_hardware, cmdb_ci_incomplete_ip, sn_sec_cmn_unmatched_ci as these classes are created by Vulnerability Response and may not have any service mapping. Previously, service calculation was based on the VIT. However, the logic has been modified to use the discovered item instead. The discovered item is used to calculate the service, which is then associated with the CI in the same table.
    • Scheduled job for full refresh of services: An on-demand scheduled job Full refresh-related CI services for VI, has been introduced to perform a complete refresh of services. When you upgrade to v21.0 of Vulnerability Response, the Set related CI services job runs for a longer duration at first as the base table uses discovered items instead of vulnerable items. As a result, the job must process all the discovered items that have been scanned within the last 90 days. Additionally, if you require more frequent service refreshes, it can be accommodated by scheduling weekly periodic refreshes or performing a full refresh. If you have performed activities, which resulted in changes to the services associated with your CIs, and you want Vulnerability Response to reflect these changes, you can run the on-demand scheduled job Full refresh related CI services for VI. This job takes all the discovered items recorded in the last 90 days and refreshes the associated services accordingly.