Issue Data Structure

The standard components for each Issue.
Each Issue has the following standard components. For more details on each component, see List View and Detail View:
  • Issue Name
    —Combination of the
    Issue Type
    , such as Insecure TLS, and either a
    , such as, or an
    IP address
    . Issues on a customer’s On-premise IP Range include the corresponding IP in the Issue Name. If the Issue is hosted in the Cloud and attributed via a Domain, then the corresponding domain appears in the
    Issue Name
    . Issue Names end with the port number. IP and Domain are also available as separate fields for API usage.
  • Activity Status—Cortex® Xpanse™ automatically sets an
    Issue Activity Status
    based on how recently we saw the Issue.
  • Priority—The options for priority are
    , and
    . Cortex Xpanse automatically sets a priority upon Issue creation. Users can then modify the priority of an Issue as they see fit. A custom default priority for all new Issues of a given type can be set on the
  • Progress Status—Issues are either
    . Each designation includes different progress status settings, such as
    In Progress
    No Risk
    , and
    Acceptable Risk
  • Assigned To
    —You may assign an Issue to any Cortex Xpanse user.
    If the assignee turns on Email Digests, they will receive all updates to their assigned Issues.
  • First Added
    —This is the date that Cortex Xpanse first identified the Issue.
  • Evidence
    —Cortex Xpanse bases evidence on our scan results. The evidence varies with the kind of Asset and evidence type. Evidence is available in the Issue Detail view
    and via the Expander API
  • Associated Assets
    —Issues include all associated Assets. There is additional information for each Asset, including
    Attribution Reasons
    Registration Records
    Business Units
    Hosting Provider
  • Cloud Management Status
    —An issue's cloud management status tells you if the asset underlying the issue has been onboarded into the Prisma Cloud instance(s) that you have connected to Cortex Xpanse. To connect a Prisma Cloud instance, see Prisma Cloud API Connectors. The
    Cloud Management Status
    has three possible values:
    Unmanaged Cloud
    (the underlying asset is not in Prisma Cloud),
    Managed Cloud
    (the underlying asset is in Prisma Cloud), and
    Not Applicable
    (the distinction is not relevant). You can filter by cloud management status in either the Services UI or API.

Recommended For You