Service Mapping in Vulnerability Response
This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.
Summary of Service Mapping in Vulnerability Response
Service Mapping in Vulnerability Response enables organizations to automatically discover and visualize the relationships and dependencies between IT services, applications, and infrastructure components. This comprehensive mapping helps you understand how vulnerable items relate to business services, enhancing risk assessment and management within your IT environment.
Key Features
- Scheduled Job - Set related CI services: This job links affected business services to configuration items (CIs) associated with vulnerabilities after integration imports and at scheduled times, ensuring up-to-date service mappings.
- Risk Score Calculation Improvements: Risk scores now use data stored in the Related Services [sn_vul_m2m_ci_services] table generated by the scheduled job, replacing prior reliance on direct CMDB API calls, improving performance and accuracy.
- Performance Optimizations: The maximum service size processed has been reduced from 1000 to 500, and the service depth limit reduced from 10 to 5 to optimize job execution times.
- Exclusion of Certain CMDB Classes: A new system property allows you to exclude specific CMDB classes (such as unclassified hardware or incomplete IPs) from service calculations, preventing irrelevant or auto-created CIs from impacting mapping accuracy.
- Use of Discovered Items for Service Calculation: Service calculations now rely on discovered items rather than vulnerable items, aligning better with actual infrastructure data.
- On-Demand Full Refresh Job: The Full refresh-related CI services for VI job allows you to perform a complete refresh of service mappings based on discovered items scanned in the last 90 days, supporting timely updates after changes in your environment.
Key Outcomes
- Improved accuracy and performance of service mapping and risk score calculations by leveraging scheduled jobs and refined data sources.
- Greater control over which CMDB classes are included in service calculations, reducing noise from irrelevant items.
- Ability to maintain up-to-date service relationships through on-demand or scheduled refreshes, ensuring vulnerability response actions reflect current dependencies.
- Optimized scheduled jobs that reduce processing time and resource consumption while maintaining comprehensive mapping data.
Service mapping helps you gain a comprehensive understanding of your IT infrastructure and the relationships between its components. It automatically discovers and maps services, applications, and infrastructure components, and provides a visual representation of their dependencies and relationships.
In Vulnerability Response, the scheduled job Set related CI services establishes connections between the affected business services and the configuration items (CIs) associated with the vulnerable items (VITs).
The linking process takes place once the integration import is finished and at a designated time. To enhance the performance of this scheduled job, several changes have been implemented beginning with v21.1.2 of Vulnerability Response. They are:
- Risk score calculation: Risk score calculation uses the output of the Set related CI services scheduled job. Once a CI is processed, this job stores the necessary data in the Related Services [sn_vul_m2m_ci_services] table. Previously, in Configuration Compliance, risk calculation directly called the Configuration Management Database (CMDB) Application Programming Interface (API) CIUtils to retrieve services for each test result during import. The current process instead reads the scheduled job's output from the Related Services [sn_vul_m2m_ci_services] table to calculate the risk score in Configuration Compliance. The base system calculator has also been modified to use the Related Services [sn_vul_m2m_ci_services] table.
- Size of services: The service value in the system property sn_sec_cmn.services_affected_by_CI_max_size, which is related to the Set related CI services scheduled job, is decreased from 1000 to 500.
- Depth of services: The depth in the system property sn_sec_cmn.services_affected_by_CI_max_depth, which is related to the Set related CI services scheduled job, is reduced from 10 to 5. The service value is also decreased from 1000 to 500.
- Exclusion of CMDB classes: A system property, sn_sec_cmn.ignoreCIClassForService, has been introduced to configure the CMDB classes for which service calculation should be skipped. In the base system, this property is set to cmdb_ci_unclassed_hardware, cmdb_ci_incomplete_ip, and sn_sec_cmn_unmatched_ci, because these classes are created by Vulnerability Response and may not have any service mapping. Previously, service calculation was based on the VIT. The logic has been modified to use the discovered item instead: the discovered item is used to calculate the service, which is then associated with the CI in the same table.
- Scheduled job for full refresh of services: An on-demand scheduled job, Full refresh-related CI services for VI, has been introduced to perform a complete refresh of services. When you upgrade to v21.0 of Vulnerability Response, the Set related CI services job runs for a longer duration at first because the base table uses discovered items instead of vulnerable items. As a result, the job must process all the discovered items that have been scanned within the last 90 days. If you require more frequent service refreshes, you can schedule weekly periodic refreshes or perform a full refresh. If you have performed activities that changed the services associated with your CIs, and you want Vulnerability Response to reflect these changes, you can run the on-demand scheduled job Full refresh related CI services for VI. This job takes all the discovered items recorded in the last 90 days and refreshes the associated services accordingly.
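The following is an added example, not ServiceNow code: a simplified model of how the depth, size, and class-exclusion properties listed above can change which services end up linked to a CI, and therefore which services feed the risk score. The property names and values come from this page; the breadth-first traversal, the reading of the size limit as a cap on CIs visited, the function name relatedServices, and the sample CMDB are assumptions made for illustration.

```javascript
// Added illustration: a simplified model, not the platform's implementation.
// Property names and base-system values are taken from the page.
const PROPS = {
  'sn_sec_cmn.services_affected_by_CI_max_size': 500,
  'sn_sec_cmn.services_affected_by_CI_max_depth': 5,
  'sn_sec_cmn.ignoreCIClassForService':
    'cmdb_ci_unclassed_hardware,cmdb_ci_incomplete_ip,sn_sec_cmn_unmatched_ci',
};
// The earlier limits described on the page, for comparison.
const OLD_PROPS = { ...PROPS,
  'sn_sec_cmn.services_affected_by_CI_max_size': 1000,
  'sn_sec_cmn.services_affected_by_CI_max_depth': 10 };

// Constructed sample CMDB: each CI has a class and the CIs that depend on it.
// srv01 is 3 hops from the service "wiki" and 6 hops from "payroll".
const CMDB = {
  srv01: { cls: 'cmdb_ci_linux_server', parents: ['vm01'] },
  vm01: { cls: 'cmdb_ci_vm_instance', parents: ['db01'] },
  db01: { cls: 'cmdb_ci_db_instance', parents: ['app01', 'wiki'] },
  app01: { cls: 'cmdb_ci_appl', parents: ['lb01'] },
  lb01: { cls: 'cmdb_ci_lb', parents: ['web01'] },
  web01: { cls: 'cmdb_ci_web_server', parents: ['payroll'] },
  payroll: { cls: 'cmdb_ci_service', parents: [] },
  wiki: { cls: 'cmdb_ci_service', parents: [] },
  unk01: { cls: 'cmdb_ci_unclassed_hardware', parents: ['payroll'] },
};

// Hypothetical helper: walk upward from a CI and collect the services reached.
function relatedServices(ciId, cmdb, props) {
  const ignored = props['sn_sec_cmn.ignoreCIClassForService'].split(',');
  if (ignored.includes(cmdb[ciId].cls)) return []; // calculation skipped
  const maxDepth = props['sn_sec_cmn.services_affected_by_CI_max_depth'];
  const maxSize = props['sn_sec_cmn.services_affected_by_CI_max_size'];
  const seen = new Set([ciId]);
  const services = [];
  let frontier = [ciId];
  for (let depth = 1; depth <= maxDepth && frontier.length; depth++) {
    const next = [];
    for (const id of frontier) {
      for (const parent of cmdb[id].parents) {
        if (seen.has(parent) || seen.size >= maxSize) continue; // size cap (assumed)
        seen.add(parent);
        if (cmdb[parent].cls === 'cmdb_ci_service') services.push(parent);
        next.push(parent);
      }
    }
    frontier = next;
  }
  return services.sort();
}
```

In this model, a CI whose only path to a service is longer than the depth limit ends up with no related service, which is worth checking when a risk score looks lower than the CI's business context suggests.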