View affected items for a security incident

  • Release version: Xanadu
  • Updated June 11, 2026
  • 1 minute to read

    • You can view affected items, such as CIs, affected users, and affected services associated with a security incident.

    Before you begin

    Role required: sn_si.basic

    Procedure

    1. If it is not already open, open the security incident for which you want to view affected items.
    2. Click the Show Affected Items related link.
    3. Click any of the related lists to view or add information for the security incident.
      Tab Description
      Configuration Items Affected configuration items (CI). After affected CIs are identified, you can manually add affected resources from this related list.
      Affected Users After affected users are identified, you can manually add affected users from this related list.
      Affected Services View or add business services associated with the security incident.
      Note:
      If an affected CI is added after the security incident is opened, it is a good idea to right-click in the form header and select Refresh Impacted Services.
      Note:
      If the Security Operations Integration - Get Running Processes integration capability is active, and you add a CI to a security incident, the Get Running Processes workflow runs and retrieves a list of running processes on the CI.

      If the Security Operations Integration - Isolate Host integration capability is active, you can select one or more CIs and restrict their system connections to other devices. To do this, select the check boxes for the CIs and click Isolate Host from the Actions on selected rows choice list.

    4. Click any of the following related links to further update the security incident:
    5. When you have completed your entries, click Submit.