Use Case 04
Security baseline: all prod servers allow only ports 443 and 22. No public IPs on DB nodes. TLS 1.2+ enforced on all endpoints.
What's Actually Happening (Without ITOM)
A Terraform script opened port 8080 on DB-NODE-PROD-04 for debugging, and the change was never reverted. The database node had a port directly reachable from the internet for 11 days.
What ITOM Does — Step by Step
- Configuration Compliance module continuously compares live infrastructure state against defined security baselines
- Detects drift within minutes of the Terraform run completing
- Links the drift to Terraform run ID tf-8821b for forensic traceability
- Auto-raises a HIGH risk incident ticket assigned to the security team with full remediation context
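The baseline comparison in the steps above, sketched as an added example (not ITOM's own code): the live-state record layout, the function names, WEB-NODE-PROD-01 and the HIGH/MEDIUM severity rule are assumptions made for illustration.

```python
BASELINE = {"allowed_ports": {22, 443}, "min_tls": (1, 2)}  # baseline from the page

# Constructed live-state snapshot; field names and WEB-NODE-PROD-01 are hypothetical.
LIVE_STATE = [
    {"node": "DB-NODE-PROD-04", "role": "db", "public_ip": None,
     "min_tls": (1, 2), "last_change": "tf-8821b", "change_ticket": None,
     "ingress": [{"port": 22, "cidr": "10.0.0.0/8"},
                 {"port": 8080, "cidr": "0.0.0.0/0"}]},
    {"node": "WEB-NODE-PROD-01", "role": "web", "public_ip": "203.0.113.10",
     "min_tls": (1, 2), "last_change": None, "change_ticket": None,
     "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}]},
]


def check_node(node, baseline=BASELINE):
    """Return the list of baseline violations for one node record."""
    violations = []
    for rule in node["ingress"]:
        if rule["port"] not in baseline["allowed_ports"]:
            violations.append(f"Port {rule['port']} exposed to {rule['cidr']}")
    if node["role"] == "db" and node["public_ip"]:
        violations.append(f"Public IP {node['public_ip']} on DB node")
    if node["min_tls"] < baseline["min_tls"]:
        version = ".".join(map(str, node["min_tls"]))
        violations.append(f"TLS {version} accepted, baseline requires 1.2+")
    return violations


def drift_report(state, baseline=BASELINE):
    """Build one finding per drifted node, carrying the change agent for traceability."""
    findings = []
    for node in state:
        violations = check_node(node, baseline)
        if not violations:
            continue
        open_to_all = any(r["cidr"] == "0.0.0.0/0"
                          and r["port"] not in baseline["allowed_ports"]
                          for r in node["ingress"])
        # Assumed severity rule: internet-reachable drift on a DB node is HIGH.
        high = node["role"] == "db" and (open_to_all or bool(node["public_ip"]))
        findings.append({"node": node["node"],
                         "risk": "HIGH" if high else "MEDIUM",
                         "violations": violations,
                         "change_agent": node["last_change"],
                         "has_change_ticket": node["change_ticket"] is not None})
    return findings


if __name__ == "__main__":
    for finding in drift_report(LIVE_STATE):
        print(finding)
```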
ITOM Alert Output
> ITOM Alert: Configuration Drift — HIGH RISK
> Node: DB-NODE-PROD-04
> Violation: Port 8080 exposed to 0.0.0.0/0
> Last compliant: 11 days ago
> Change agent: Terraform run tf-8821b
> No change ticket | Risk: DB internet exposure
Without ITOM vs. With ITOM
Without ITOM: Misconfiguration sits undetected for months — potential breach entry vector.
With ITOM: Remediated same day. Security team has forensic context. Zero breach.
Key Metrics
- 11 days — Open exposure window
- <5 min — ITOM detection time
- Same day — Remediation
- 0 — Data records exposed