Configure AI Incident Prevention
The AI Incident Prevention module enables you to assess and analyze the risk associated with proposed changes in your IT environment. It calculates a risk score based on specific change fields and compares the planned change with historical data to identify potential risks.
Within the AI Incident Prevention web app, you can view your dashboards and configure all settings related to change risk.
The following sections are available in the web app for AI Incident Prevention users:
Dashboards
Configuration
Guides and Resources
Access Controls
Configuration modules
AI Incident Prevention dashboards and configuration modules are accessed through the Web App.
If your organization has both AI Incident Prevention and AI Incident Assistant, the following configuration modules will appear alongside other configuration modules in the AI Incident Assistant web app. If not, you will only see the modules and dashboards available for AI Incident Prevention.
Dashboards
The Dashboards module gives you access to analytics and data related to your organization's change requests. Use the Change Analytics and Change Risk Prediction dashboards to find risk prediction information and help prevent incidents before they happen.
These dashboards are only available to organizations who purchased AI Incident Prevention.
See the AI Incident Prevention Dashboards documentation for more information.
Configuration
The Configuration module allows you to customize AI Incident Prevention to meet your organization's workflows.
In this module, you can view and customize configurations related to:
General Settings - Set up preferences related to the LLM.
Integrations - Connect the tools that AI Incident Prevention can access information from in real-time.
Change Risk - Configure settings related to Change Risk dashboards.
Manage Data - Upload documents and see an overview of your indexed documents across different source categories.
General Settings
In the General Settings section, configure LLM settings.
Under LLM Settings, configure settings related to your large language model provider. Updating this section requires approval from BigPanda.
Integrations
In the Integrations section, you can configure tools to connect with AI Incident Prevention. The following integrations are available:
Jira
ServiceNow
BMC Remedy
Change Risk
In the Change Risk settings, configure risk evaluation criteria for your organization, adjust the weightings of each risk category, configure the Change Risk Dashboard settings, and determine if risk assessments will be passed to your ITSM system.
Change Risk Settings
In the Change Risk Settings section, you can configure:
Change Risk Profiles
Use change risk profiles to create multiple, separate change risk configurations. Change risk profiles can be used to filter the Change Risk Dashboard. This is helpful for organizations that have teams that use different risk evaluation criteria.
In Change Risk Settings, select a change risk profile to view or edit from the drop-down menu.
Best practice
When editing any of the change risk settings, always verify that you have the correct profile selected before saving any changes.
The default change risk profile has a star next to the name. The default change risk profile always opens first when you go to the change risk configuration page.
Create a New Change Risk Profile
To create a new change risk profile:
Click Create New.
In the Create New Profile window, populate the following information:
Profile Name - a descriptive name for the change risk profile.
Description (Optional) - information about the profile's use or goals.
Copy from current single-mode settings - click the box to copy the current settings as a template for creating the new profile.
Click Create Profile.
(Optional) If you would like this profile to be the default that appears when you enter the configuration page, click Set as Default.
Manage Change Risk Profiles
To edit a change risk profile, click the Pencil icon, update the Profile Name or Description and click Update Profile.
To change the default change risk profile, go to the profile you'd like to set as default and click the Set as Default button.
To delete a change risk profile, click the Trash Can icon and select Confirm.
Org-Specific Risk Evaluation
In addition to the risk analysis AI Incident Prevention performs, you can also define your own evaluation criteria. The criteria defined in this section apply to the change risk profile you are configuring. You can set up different evaluation criteria for each change risk profile.
Under Evaluation Instructions, define additional evaluation guidelines for the LLM to follow.
Writing custom risk evaluation instructions
Write evaluation instructions the same way you would explain to a coworker what makes a change risky or not.
You can write these instructions in a free-form way or use if/else decision logic format.
Change Eligibility / Retrieval
In the Change Eligibility / Retrieval section, view which changes from ServiceNow are eligible for risk assessment for the selected change risk profile.
Read-only settings
Change Eligibility / Retrieval settings can only be updated by BigPanda. If you need to edit these settings, contact your BigPanda account team.
Change Eligibility/ Retrieval Control
Change Eligibility / Retrieval settings control which changes are retrieved from ServiceNow via a polling mechanism and then evaluated by the Change Risk Prediction engine. This retrieval is separate from Unified Data Connector filters.
The ServiceNow Query Filter field uses a query string to filter which changes from ServiceNow are indexed.
The Scheduled Start Field determines when changes are scheduled.
The Last Indexed Value displays the last sys_updated_on value that was successfully processed by the indexing service.
Risk Category Weightings
Under Risk Category Weightings, adjust the weight of risk categories. These weightings determine how the final risk score is calculated.
Adjust the weightings using the sliding bar or by typing a number into the box on the right side of each category.
Total weightings
The total of all risk category weightings must equal 100.
The following risk categories are available:
Risk Category | Description |
|---|---|
Implementation Risk | Documented change plan quality, implementation complexity, and the nature of the change. |
Topological Impact Risk | Which parts of the environment will be affected and how critical they are. |
Team and Individual Risk | The calculated experience level and reliability of the team or individual performing the change. |
Historical Incident Risk | Likelihood of causing an incident based on historically similar changes that caused incidents. |
Organization-Specific Risk | Your organization-specific risk evaluation guidelines or criteria, defined in Evaluation Instructions. |
Field Visibility Settings
In the Field Visibility Settings, determine which fields will appear by default in the Change Risk Dashboard Change Details tab.
User default settings
Individual users can select their own default fields in the Change Details tab. User defaults are user-specific and take precedence over field visibility settings.
Use the toggles to enable or disable Standard Fields, or search for Additional ServiceNow Fields to display.
Incident Priority Filter
Use the Incident Priority Filter section to control which incident priority levels are considered in risk analysis.
When enabled, only the selected priorities are included in historical incident risk, topological impact, and team/individual track record calculations. When disabled, all priorities are considered.
Use the checkboxes to select or deselect specific priority levels.
Toggle on Include Unknown Priority to include incidents without a priority set.
Custom Data Sources
Experimental feature
This functionality is in active development and considered experimental. We're continuously improving it based on user feedback and real-world usage patterns.
Use the Custom Data Sources section to select external data sources to include when using this profile to evaluate changes.
Existing data sources automatically appear at the top of this section. To add a source, click Configure Sources.
In the Custom Data Sources page, click + Add Source.
In the top section of the configuration page, populate the Source Name, Source Type (ServiceNow, Integration, or Custom HTTP), and Description.
Configure the following sections:
Request Configuration
Define the API call to be made for each change risk evaluation.
Depending on which source type you selected, populate the following information:
Source Type | Request Configuration Fields |
|---|---|
ServiceNow | Populate the following fields:
Enable Return Display Values to return a display value. |
Integration | Select an Integration from the drop-down menu. The integration's authentication, base URL, and relay routing will be used for the requests. Specify the HTTP Method, Path, Headers, and Query Parameters. Use |
Custom HTTP | Used for custom data sources. Enter a Base URL and select the Auth Type. You can select from Basic, Bearer, API Key, or Custom Headers. For on-prem APIs, enable the Route via relay client toggle. |
Parameters
Define dynamic values that change per change request.
For example, a parameter cmdbCiSysId mapped to change.cmdb_ci.value lets you query CMDB using the current change's CI. Reference them as {{cmdbCiSysId}} in your request configuration.
To add a parameter, click + Add Parameter. Populate the Parameter Name, Description, and select a Type (Static, Template, or AI) from the drop-down menu.
For Static, enter a fixed value that will be used every time.
For Template, enter a field to map to on the change record (For example, change.number, change.cmdb_ci.value).
For AI (LLM), enter a prompt that describes how the LLM should extract or derive the value from the change description.
Execution Condition (Optional)
Control when the source executes. By default, it runs for every change. Select from the following options:
Always execute - The source executes for every change.
Only when field conditions are met - The source executes when specific properties match. If you select this option, enter a Condition below.
Only when AI determines it is relevant - The source executes when the AI determines the conditions are met, based on a prompt. If you select this option, enter the conditions the LLM should use to evaluate in the prompt.
Response Handling
Configure how the API response is processed before being included in the risk evaluation. Populate the following fields:
Context Label - Short, descriptive name for this data shown to the AI during risk evaluation. (For example,
Jira Related Issues)JSON Path (Optional) - Extract a specific subtree from the JSON response before processing. (For example,
$.resultextracts just theresultarray from a ServiceNow Table API response, reducing noise.)Description for AI - Explanation of what this data represents and how it should be used during risk evaluation. This helps the AI interpret the data correctly.
Large Response Strategy - Choose how to handle large responses.
Select Summarize with AI to allow the AI to summarize the response. You can optionally include Custom Summarization Instructions.
Select Truncate at Character Limit to truncate the response once it has reached the maximum number of characters.
Caching and Options
Toggle on Enable Caching to use caching for requests. Caching avoids repeated API calls when the same parameters resolve to the same values. (For example, multiple changes on the same CI share cached CMDB data)
If you choose to enable caching, set a Timeout in milliseconds. Timeout controls how long to wait for the API response.
Select if you'd like to Continue on failure. Toggle this option on so that a failed source will not block the entire risk evaluation.
Dashboard Settings
Under Dashboard Settings, configure how the Change Risk Dashboard appears for users in your organization.
In the Default Time Range section, set the default time range for the Change Risk Dashboard. This determines which changes are displayed when users first visit the dashboard.
In the Data Visibility section, determine what information is displayed on change risk assessment pages. Use the Hide Individual Names toggle to determine whether names will appear in the Team or Individual Risk details tab.
Notification Settings
Under Notification Settings, configure notifications for high-risk changes.
Use the Enable Risk Notifications toggle to determine if notifications will be sent when a change exceeds the risk threshold.
When risk notifications are enabled, you can set the Risk Threshold for when notifications will be sent. Changes with a risk score at or above the threshold will trigger a notification.
Notification Destinations
The Notification Destinations section appears if you've enabled risk notifications.
Toggle Send to Channels on to send high-risk changes to Slack or Teams channels. Use the drop-down menu to select one or more channels to send changes to.
Toggle Send as Email on to send changes to specific email addresses. Enter a comma-separated list of email addresses to receive notifications in the text box.
Category Score Notification Thresholds
You can choose to receive notifications when a risk category score exceeds a specific threshold.
To enable notifications for a specific risk category, click the toggle next to the category name and select the Score Threshold.
Whenever a category receives a risk score above the threshold, a notification will be sent to the configured notification destination(s).
Post Results to ITSM Record
If ServiceNow is your change tool, you can define where and how analysis outputs are written into change records.
Toggle Enable Work Note Publish on to include analysis fields from AI Incident Assistant in ServiceNow change record work notes.
In the Risk Threshold section, define the risk score that a change must meet or exceed to be posted to a work note. If the score crosses the threshold again later, a concise update will be appended instead of the full preview.
Click the Add Analysis Fields drop-down to select the fields to be included. The following options are available:
Field | Description |
|---|---|
Overall Risk | Overall risk score and rating for the change. |
Risk Prediction | Analysis of potential risks and outcomes. |
Risk Reasoning | AI-generated reasoning explaining the risk assessment rationale. |
Suggested Mitigations | Recommended actions to reduce identified risks. |
After selecting analysis fields, the ServiceNow Work Note Preview appears.
Manage Data
The Manage Data page provides an overview of your indexed documents across different source categories. AI Incident Prevention uses indexed document data to accurately determine change risk.
See the Manage Data documentation for more information.
Audit Log
Use the Audit Log to track configuration changes across your organization. The 200 most recent changes are displayed.
See the Audit Log documentation for more information.
Guides and Resources
The Guides and Resources module of the Web App provides helpful information and tips for using AI Incident Prevention and information about the latest updates to the app.
The following sections are available in the Guides and Resources module:
Quickstart - Introduction to AI Incident Prevention, including best practices and examples.
Release Notes - Details about the latest AI Incident Prevention releases.
Access Controls
In the Access Controls section, you can create and manage users, control which tasks they can perform, and which areas of the web app they have access to.
AI Incident Prevention uses the same access control functionality as the AI Incident Assistant. See the Manage AI Incident Assistant Access Controls documentation for more information.