3 Replies Latest reply on Aug 11, 2010 4:19 PM by Bill Robinson

    Change tracking with incident management

      Has anyone implemented change tracking with integration to incident management. Specifically I am looking to track changes and if a change has been detected for a server, search change requests for matching CI within the change time frame, and if none are found open an incident for investigation. Has anyone done this or have any recommendations?


      I am currently thinking the only way to accomplish this to export a scheduled change report from BL Reporting and have Atrium orchestrator process the results and look for matching change requests.



        • 1. Re: Change tracking with incident management
          Bill Robinson

          I implemented this at a customer a couple years ago.  That's essentially what we did, though.  there is some direct integration w/ remedy now so you must put in a ticket number w/ a job run but I don't know if that gets you anything here.


          The one issue will be that even if there is an associated change found in remedy, you still need to investigate because you don't know for sure that that job actually made the detected change.  You can make a best guess but that's about it.

          • 2. Re: Change tracking with incident management

            Did you use the change tracking scripts with SNMP traps as the incident trigger or did you actually go the reporting to BAO route?


            We are taking the approach that if any change request was active, to suppress the incident. Obviously, some unauthorized changes can fall through the cracks. If someone opens a change request to install a patch, and they install patch and new bit of software we would still detect the change as authorized. However, I expect this will catch the vast majority of unauthorized changes.




            • 3. Re: Change tracking with incident management
              Bill Robinson

              I used the snmp to bao route as that's what was available at the time.