Viewing audit results

Edit online

You use the CI Reconciliation Results application to view audit results and see any unauthorized changes to your environment. The system generates audit results when it executes a reconciliation task to compare one or more top-level authorized configuration items (CIs) with the corresponding actual CIs.

About this task

The system displays the following results in the CI Reconciliation Results application:
Comparison results
Data that results from comparing authorized CIs with the corresponding actual CIs. The comparison results that the system displays in the CI Reconciliation Results application depend on the parameter that you select in the Comparison Results field when you define a reconciliation task. You can choose one of the following display options for comparison results:
  • All results, including both successful and failed matches.
  • Instances where the object and attribute of the authorized CI failed to match the actual CI.
  • Instances where the object and attribute of the authorized CI successfully matched the actual CI.
Link failures
When the system processes a reconciliation task, it attempts to match each authorized CI object and attribute with the corresponding actual CI attribute. If the system finds a match, it displays the link result in the CI Link Results application. If the system does not find a match, or if it finds multiple matches, it displays link failures in the CI Reconciliation Results application. A link failure reflects a mismatch between the authorized CI and the corresponding actual CI, and so it might indicate an unauthorized change.

To view audit results, follow these steps:

Procedure

  1. Click Open menu > Administration > Reconciliation > CI Reconciliation Results.
  2. In the CI Reconciliation Results application, place the cursor in the CI Reconciliation Result field. Type a filter term if you want to limit the list of records. Press Enter.
  3. Select the result record that you want to view.
  4. By default, both comparison results and link failures are displayed. If you want to view only link failures or comparison results, you can use the advanced search feature to select either link results or comparison results.
    1. In the CI Reconciliation Results application, click Advanced Search.
    2. On the Advanced Search menu, select More Search Fields.
    3. In the Result Type field, click Select Value to select the type of result that you want to view.
    4. In the Select Value dialog box, select COMPARISON or LINK. The application displays the selected value in the Result Type field on the More Search Fields dialog box.
    5. On the More Search Fields dialog box, click Find.
    6. To open a record, click the underlined record identifier in the Reconciliation Task column. The application displays the result record on the CI Reconciliation Result tab.