Identify all configuration items affected by a security incident

  • Release version: Zurich
  • Updated March 12, 2026
  • 1 minute to read

    • If you know which resource (server, desktop or other configuration item) is behind a security incident and want to identify related resources and business services that can be affected, you can use the Business Service Management (BSM) map.

    Before you begin

    Role required: admin or sn_si.admin

    About this task

    The BSM map displays the upstream and downstream dependencies for a selected root CI.

    There are two methods you can use to view the BSM map for a CI:
    • If you want to view CIs from the context of a task, view from the security incident form.
    • If you do not want to view CIs from a task viewpoint, view from the navigation bar.

    Procedure

    1. From the Security Incident form, populate the Configuration item field, and select the BSM map icon (Show CI map).
      The BSM map screen displays the map for the last incident you accessed in Incident Management or the last security incident you accessed in Security Incident Management.
      BSM map
    2. Select the icons next to a configuration item to view different kinds of details about the resource (server, desktop, or other CI).
      For example, select the alert icon to view alerts associated with the CI.
      Note:
      To view a list of all the available icons, select Filters above the BSM map and expand Filter Task Types.
    3. To arrange the map in different configurations, select any of the formats listed above the map (Vertical, Horizontal, Radial), or select Filters to filter the map for easier viewing.
    4. If you opened the BSM map from the security incident form, you can add a dependent CI to the security incident by right-clicking the CI and selecting Add Affected CIs.
      You can also add multiple CIs at a time. Drag a box around the CIs you want to add, right-click the box, and select Add Affected CIs.
      The CIs are added to the Affected CIs related list of the security incident.