Evidence

The Evidence section of the Issue Detail provides the evidence that Cortex® Xpanse™ uses to attribute and assess the Issue.
The
Evidence
section of the
Issue Detail
provides the evidence that Cortex® Xpanse™ uses to attribute and assess the Issue.
The
Evidence
section contains the following information:
  • Activity Status—This field indicates the current status of the Issue. There are two states:
    • Active
    • Inactive
      —When an Issue is
      Inactive
      , a third field indicates when the Issue was last active.
  • Cloud Management Status
    —Indicates whether the issue is for a
    Managed Cloud
    or
    Unmanaged Cloud
    asset.
    This field displays cloud management status only if the Unmanaged Cloud module has been set up. If the Unmanaged Cloud module has not been set up, this field indicates
    Not Applicable
    .
  • ID
    —Unique identifier for the issue. This identifier appears in the issue URL.
  • Review Issue Evidence
    • Evidence Type
      —This field indicates the specific type of evidence that underlies the Issue. There are two primary Issue types:
      -
      Scan Evidence
      —This field comes from Cortex Xpanse's scans of the organization's Assets.
      -
      Asset Evidence
      —This field comes from publicly available information including DNS records, IP range registration records, content in certificates, and other internet registration records.
    • For more information, see Available Issue Policies.
  • Associated Assets
    —These are the underlying Assets associated with the Issue. Click the
    Associated Asset
    title to see all information associated with that Asset.
  • Ownership Link
    —Clicking this link will also take you to the corresponding Asset detail page.
  • Attribution Reasons
    —Entries under the ownership link indicate the reason for attribution. This information is copied from the Asset information.
  • Points of Contact
    • If the Asset has a point of contact, this information is displayed.
    • To add an Asset point of contact, click the
      Ownership Link
      and scroll to the
      Create new or add existing contacts
      . Assigning contacts to an asset is critical to expedite Issue investigation and remediation.
  • Summary and Registration
    • IP Ranges
      —If the Issue is attributed to your organization via an IP range, Cortex Xpanse provides IP registration details. These details include the name, handle, and date Cortex Xpanse last ingested registration info for this range. This is followed by the registration details.
    • Certificates
      —If the Issue is attributed to your organization via a certificate, Cortex Xpanse provides certificate details. These details include subject, issuer, fingerprint, and public key.
    • Domains
      —If the Issue is attributed to your organization via a domain, Cortex Xpanse provides domain details. These details include the exact domain associated with the Issue, the attributed or parent domain, and key dates. This is followed by domain registration details.
  • Business Units
    —The "business unit" is the parent organization that owns the asset. This may be your core company or one of your subsidiaries. A business unit assignment occurs during the network mapping process. To change the business unit assigned to a given asset, talk to your Engagement Manager.
  • Tags
    —Tags are one of three means to annotate assets. The other two options are points of contact and notes.

Recommended For You