The default progresses for findings are New, InProgress,
Remediated and Closed. They can be amended or changed
under Settings > ProgressList to meet the organization's needs.
The Priority has to be a unique value between 1 and 127.
The progress with the highest priority is treated as Open;
the progress with the lowest priority is treated as Closed.
Step 1:
A tenant's security analyst opens a particular finding. Now all
affected assets are shown in the sidebar. They set the status to
InProgress for one or multiple assets within the finding,
as they are now working on this issue.
Step 2:
Now the organization works on remediating the finding. Once remediated,
the status should be changed to Remediated.
Step 3:
Ideally the remediation should be confirmed by waiting for the next scan –
in our working model this is one week as a maximum. If the finding is not
detected anymore, the StillDetected flag changes to No. Now the
finding's status can be changed to Closed. Once the finding is set to
Closed for all endpoints within the finding, the finding's status will
automatically change to Closed.
Alternatively, it is possible to start from an asset-based view and start
working on potentially multiple findings on this endpoint. The figure
below shows two different findings on the system windows06-pg01. The findings
can now be selected, and their status can be changed and/or they can be set
to legitimate.
Sometimes the same finding represents an incident for one customer while
another customer finds the same thing to be legitimate – or at least
legitimate for this particular endpoint. For this reason, a finding that
is not intended to be remediated can also be flagged Legitimate. This
can be done by clicking on the finding and selecting the AffectedAssets
tab. One can now select one or multiple assets and change their status or
set the finding to legitimate.
Let's consider a situation where a finding has been closed but the next
scan finds the very same issue on one endpoint within the finding. In
this case the entire case will be flagged with CallforAction. The
picture below shows a finding that has been set to Closed, but we find
it highlighted and the CallforAction column states Yes.
However, if a finding has been flagged as Legitimate, the CallforAction
flag will not be set. The picture below shows a finding regarding Laudanum
that was detected on two endpoints.
As we can see, the finding is closed and not highlighted, although it is
still detected on the second asset. The reason for this is that it has
been set to Legitimate.
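The status rules described above (Open and Closed derived from priority, a finding closing once all of its assets are Closed, and CallforAction on a closed finding that is detected again unless it is marked Legitimate) can be modelled in a few lines. This is an added example, not the product's code; the priority numbers, the per-asset Legitimate flag, the host names and all function names are assumptions.

```python
from dataclasses import dataclass

# Constructed progress list (name -> priority); the priority numbers are assumptions.
PROGRESS = {"New": 100, "InProgress": 75, "Remediated": 50, "Closed": 1}

@dataclass
class Asset:
    name: str
    progress: str
    still_detected: bool = True
    legitimate: bool = False   # assumption: Legitimate is tracked per asset

def open_and_closed(progress_list):
    """Validate priorities and return the names treated as Open and Closed."""
    prios = list(progress_list.values())
    if len(set(prios)) != len(prios):
        raise ValueError("priorities must be unique")
    if any(not 1 <= p <= 127 for p in prios):
        raise ValueError("priorities must be between 1 and 127")
    return max(progress_list, key=progress_list.get), min(progress_list, key=progress_list.get)

def finding_progress(current, assets, progress_list=PROGRESS):
    """A finding becomes Closed once every affected asset is Closed."""
    _, closed = open_and_closed(progress_list)
    return closed if assets and all(a.progress == closed for a in assets) else current

def call_for_action(finding, assets, progress_list=PROGRESS):
    """Closed finding that is still detected on an asset not marked Legitimate."""
    _, closed = open_and_closed(progress_list)
    return finding == closed and any(a.still_detected and not a.legitimate for a in assets)

def demo():
    # Constructed sample data; the asset names are hypothetical.
    assets = [Asset("host-a", "Closed", still_detected=False),
              Asset("host-b", "Closed", still_detected=False)]
    finding = finding_progress("InProgress", assets)   # all assets are Closed
    quiet = call_for_action(finding, assets)           # nothing detected any more
    assets[1].still_detected = True                    # next scan sees it again
    reopened = call_for_action(finding, assets)
    assets[1].legitimate = True                        # accepted on this endpoint
    accepted = call_for_action(finding, assets)
    return finding, quiet, reopened, accepted

if __name__ == "__main__":
    print(demo())
```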
Comments are intended to be used for communication between a tenant's
employees and the service providers' customer care team. Comments can
be assigned to an asset or to a case.