diff --git a/app/models/manageiq/providers/openstack/network_manager/event_target_parser.rb b/app/models/manageiq/providers/openstack/network_manager/event_target_parser.rb
index 7a3836e64b..7dba001193 100644
--- a/app/models/manageiq/providers/openstack/network_manager/event_target_parser.rb
+++ b/app/models/manageiq/providers/openstack/network_manager/event_target_parser.rb
@@ -40,15 +40,10 @@ def parse_ems_event_targets(ems_event)
                     :firewall_rules
                   end
 
-    resource_id = event_payload['resource_id']
-    if resource_id
-      add_target(target_collection, target_type, resource_id)
+    rid = resource_id
+    if rid
+      add_target(target_collection, target_type, rid)
     elsif target_type == :security_groups
-      # Notifications from Panko about new security groups don't include
-      # the ID of the security group, so we can't trigger a targeted refresh.
-      # Add a dummy reference so that the collector will know that a security
-      # group was updated, and that it should refresh the whole security group
-      # inventory as a workaround. The same for security_group_rules.
       add_target(target_collection, :security_groups, nil)
     elsif target_type == :firewall_rules
       add_target(target_collection, :firewall_rules, nil)
@@ -57,6 +52,21 @@ def parse_ems_event_targets(ems_event)
     target_collection.targets
   end
 
+  def resource_id
+    # Fetch resource type name first
+    rtype = resource_type
+
+    @resource_id ||= begin
+      event_payload.dig(rtype, "id") ||
+      event_payload["resource_id"] ||
+      event_payload["#{rtype}_id"]
+    end
+  end
+
+  def resource_type
+    @resource_type ||= ems_event.event_type.split(".").first
+  end
+
   def collect_identity_tenant_references!(target_collection)
     tenant_id = event_payload['tenant_id'] || event_payload['project_id'] || event_payload.fetch_path('initiator', 'project_id')
     add_target(target_collection, :cloud_tenants, tenant_id) if tenant_id