CI changes for discovered items

Zurich Security Management

Release

zurich

ft:locale

en-US

ft:publication_title

Zurich Security Management

ft:clusterId

security

bundleId

security

workflow

Technology

CI changes for discovered items

Release version: Zurich

Updated July 31, 2025

1 minute to read

When a configuration item (CI) on a discovered item (DI) changes, the impacted detections and vulnerable items (VIs) are updated. The risk score, assignment rules, group rules, and remediation target rule are reevaluated.

Starting with v24.0.6 of Vulnerability Response, you can view the updates to a CI in the Discovered Item table. Information including the previous CI, the updated CI, and the user who made the changes is documented in the Audit History related list.

If a VI exists with the same vulnerability and CI, the detections are updated with the existing VI and the current VI is closed with the substate as invalidCI. Work notes are added for the following reasons:

When detections are moved from one VI to another.
When a duplicate VI is closed.

If you do not want to update the CI for the existing VI, set the property sn_sec_cmn.update_on_ci_change to false. Then, when a CI changes, a new VI is created and the existing one is closed as an invalidCI.

The default value of the property sn_sec_cmn.update_on_ci_change is true.