Issue Data Structure

The standard components for each Issue.
Each Issue has the following standard components. For more details on each component, see List View and Detail View:
  • Issue Name
    —Combination of the
    Issue Type
    , such as Insecure TLS, and either a
    Domain
    , such as dev.acme.com, or an
    IP address
    . Issues on a customer’s On-premise IP Range include the corresponding IP in the Issue Name. If the Issue is hosted in the Cloud and attributed via a Domain, then the corresponding domain appears in the
    Issue Name
    . Issue Names end with the port number. IP and Domain are also available as separate fields for API usage.
  • Activity Status—Cortex® Xpanse™ automatically sets an
    Issue Activity Status
    based on how recently we saw the Issue.
  • Priority—The options for priority are
    Critical
    ,
    High
    ,
    Medium
    , and
    Low
    . Cortex Xpanse automatically sets a priority upon Issue creation. Users can then modify the priority of an Issue as they see fit. A custom default priority for all new Issues of a given type can be set on the
    Policies
    page.
  • Progress Status—Issues are either
    Open
    or
    Closed
    . Each designation includes different progress status settings, such as
    New
    ,
    Investigating
    ,
    In Progress
    ,
    Resolved
    ,
    No Risk
    , and
    Acceptable Risk
    .
  • Assigned To
    —You may assign an Issue to any Expander user. If the assignee turns on Email Digests, they will receive all updates to their assigned Issues.
  • First Added
    —This is the date that Cortex Xpanse first identified the Issue.
  • Evidence
    —Cortex Xpanse bases evidence on our scan results. The evidence varies with the kind of Asset and evidence type. Evidence is available in the Issue Detail view and via the Expander API.
  • Associated Assets
    —Issues include all associated Assets. There is additional information for each Asset, including
    Attribution Reasons
    ,
    Registration Records
    ,
    Business Units
    ,
    Tags
    , and
    Hosting Provider
    .
  • Cloud Management Status
    —An issue's cloud management status tells you if the asset underlying the issue has been onboarded into the Prisma Cloud instance(s) that you have connected to Expander. To connect a Prisma Cloud instance, see Prisma Cloud API Connectors. The
    Cloud Management Status
    has three possible values:
    Unmanaged Cloud
    (the underlying asset is not in Prisma Cloud),
    Managed Cloud
    (the underlying asset is in Prisma Cloud), and
    Not Applicable
    (the distinction is not relevant). You can filter by cloud management status in either the Services UI or API.

Recommended For You