Search and Filter Bar

The Filter Bar for Issues provides a drop-down box for each filter. These criteria are set in the Issues Detail View. To set a single filter, select the drop-down criteria, such as Critical Priority. Once you have selected your filter criteria, click Apply Filters. The following are the available filters:
  • Filtering and Searching
    —In addition to filtering, Cortex Xpanse provides the ability to conduct extensive searches of Issues content. There are four categories of searches:
    • Content search
      —Cortex Xpanse searches on a broad range of fields for Issues, including name and certificates, such as issuer, full name, countries, org, extensions, public key, and subject. Some things to consider when conducting content searches:
      - If you are looking for domains, IP/CIDR, or ports, using those specialized searches will be much faster, though the Content search will still work.
      - The Content search uses prefixes and phrases, but not suffixes. For example, if you search on “Work” you will receive any issue that contains any word starting with “work”, such as work, workgroup, and workstation. If you search on “Group,” you will not see Issues that contain “Workgroup.”
    • Domain Search
      —Domain searches are meant to be targeted searches. Specify the complete domain, such as, if possible. Domain search will also search on the name, such as acme, or a subset of the full domain, such as www.acme or
      Domain Search does not use boolean, such as AND, OR, and NOT, or wildcard, such as , operators.
    • IP/CIDR
      —Cortex Xpanse expects a valid IP/CIDR address, such as or You may also search on an IP Address range, such as -, or you may use a wildcard, such as 1.1.1.*.
    • Port
      —For a port search, you can enter one port, such as 80, or a set of ports, such as 80, 443, 8080. Cortex Xpanse does not search on a range of port numbers, such as 80 - 100, or support wildcards, such as 80*.
  • Cloud Management Status
    —Filters on Unmanaged Cloud (public-facing assets that were found exclusively by Xpanse) and Managed Cloud (assets that are listed in Prisma).
  • Priority
    —The options for priority are
    , and
    . Cortex® Xpanse™ automatically sets a priority upon Issue creation. You may set the default priority for an Issue type, such as Elasticsearch Server, RDP Server, and WordPress Server, on the
    page. Priorities are initially assigned to
    , or
    . A Critical priority is available as a user-assigned action, giving you room to escalate important findings and make them easy to filter down to. You may change the priority of an Issue at any time. All priority changes, including modifying user, previous priority level, and time of the change, are automatically logged by Cortex Xpanse.
  • Progress
    —Setting this filter will limit the list view based on Issue progress. There are two levels to this drop-down:
    • Open Issues
      —Cortex Xpanse automatically opens a new Issue with a
      —Cortex Xpanse recommends setting an Issue status to
      status as a first step to remediating the Issue. Typically, this step involves conducting an investigation to understand the business context of this issue. This information is important to identify potential service owners who may assist in remediation.
      As soon as a point of contact (POC) is confirmed, add the contact information to the asset record associated with the Issue.
      In Progress
      —Cortex Xpanse recommends setting an Issue status to In Progress as soon as the initial investigation is complete, such as when service owners are identified and contacted. The Issue should remain In Progress as long as remediation is ongoing.
    • Closed Issues
      —Cortex Xpanse recommends setting an Issue to
      once investigation and remediation are complete. It is important to note that if Cortex Xpanse sees the Issue reappear, the Issue will be reopened and assigned a
      Issue status. Reopened Issues retain the complete history of comments and status changes.
      Acceptable Risk
      —Cortex Xpanse recommends setting an Issue to Acceptable Risk if this Issue meets the organization’s level of acceptable risk. This could mean that the Issue was remediated to a point where it now meets an acceptable risk. It is important to note that an Issue that is set to Acceptable Risk will not trigger new Issues, even though Cortex Xpanse will continue to see this Issue. For this reason, only Issues that cannot be resolved should be set to Acceptable Risk. Otherwise, you should remediate the issue and resolve it completely.
      No Risk
      —Cortex Xpanse provides the No Risk status to allow you to mark Issues for which there are mitigating controls or protections in place that are not observable by our platform. Like Acceptable Risk, No Risk will not trigger new Issues, even if Cortex Xpanse continues to see evidence of that kind of problem. Therefore, we urge you to use the No Risk status only when a thorough investigation has been performed and to periodically re-assess any No Risk Issues to confirm they continue to not pose a risk to your organization.
  • Assignee
    —Assignees are registered users of the Cortex Xpanse platform.
  • Status
    —Cortex Xpanse automatically sets an Issue Activity Status based on how recently an Issue was seen:
    • Active
      —Cortex Xpanse has recently observed evidence indicating that the Issue is still valid.
    • Inactive
      —An Issue becomes inactive once Cortex Xpanse no longer observes the evidence associated with the asset or service. Clicking Ready to Close displays all Inactive Issues. How long Cortex Xpanse waits before declaring an Issue
      is a factor of the type of evidence and scan frequency. There are a number of reasons why this occurs:
      - The asset or service is no longer displaying the evidence because the asset or service is reconfigured. For example:
        1. An expired certificate has been replaced with a fresh certificate.
        2. An unencrypted FTP server has been reconfigured to use only encrypted SFTP.
        3. A web server using insecure TLS/SSL is reconfigured to use only secure cipher suites and versions.
      - The asset or service is no longer responsive or routable via the public Internet. For example:
        1. The service may have been shut down.
        2. The service is now behind a firewall and is no longer routable on the public internet.
      - If the Issue is seen again, Cortex Xpanse automatically changes the Issue to
  • Business Unit
    —Filters by the assigned business unit.
  • Provider
    —Filters by hosting provider.
  • Provider Account
    —Filters by the specified integrated managed cloud resource from the given provider account.
  • Tag
    —Filters by tags that have been applied to the Issues.
  • Remote Attack Surface
    —Filters for devices on remote networks or corporate networks.
    Devices on Remote Networks includes issues on devices on a public IP address that is currently unmanaged or not owned by your organization.
    Devices on Corporate Networks includes issues on devices that are on a public IP address that is owned or managed by your organization, including remote devices through VPNs.
  • Country
    —Filters by country based on IP geolocation.
  • Issue Type
    —The Issue Type filter is located in a panel to the left of the issue list. The Issue Types are grouped into categories. Click the arrow to the left of any category to show the list of all of the Issue Types within that category. You can select one or more individual issue types or issue categories, and then
    the filter.
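
The search-input rules described under Filtering and Searching can be modeled as a small pre-check to run on queries before pasting them into the search bar. This is an added example, not Cortex Xpanse code; the function names, the last-octet-only wildcard form, the phrase-matching model, and the sample values are assumptions.

```python
import ipaddress
import re

def ip_search_kind(text):
    """Classify an IP/CIDR search string: address, cidr, range, wildcard or None."""
    text = text.strip()
    try:
        if "-" in text:
            lo, hi = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
            return "range" if lo.version == hi.version and lo <= hi else None
        if text.endswith(".*"):
            # Assumption: only the last-octet form shown on the page (1.1.1.*).
            ipaddress.IPv4Address(text[:-1] + "0")
            return "wildcard"
        if "/" in text:
            ipaddress.ip_network(text, strict=False)
            return "cidr"
        ipaddress.ip_address(text)
        return "address"
    except ValueError:
        return None

def port_search_ok(text):
    """One port or a comma-separated set; ranges (80 - 100) and wildcards (80*) fail."""
    parts = [p.strip() for p in text.split(",")]
    return all(re.fullmatch(r"[0-9]{1,5}", p) and 1 <= int(p) <= 65535 for p in parts)

def content_match(query, text):
    """Model of prefix/phrase matching: query words must prefix consecutive words."""
    q = query.lower().split()
    words = re.findall(r"[a-z0-9]+", text.lower())
    return bool(q) and any(
        all(w.startswith(p) for w, p in zip(words[i:i + len(q)], q))
        for i in range(len(words) - len(q) + 1))

def lint_query(category, text):
    """Return warnings for a query in one of: content, domain, ip, port."""
    warnings = []
    if category == "content" and (ip_search_kind(text) or port_search_ok(text)):
        warnings.append("use the IP/CIDR or Port search; it is faster")
    if category == "domain" and re.search(r"\b(AND|OR|NOT)\b", text):
        warnings.append("Domain search does not use boolean operators")
    if category == "ip" and ip_search_kind(text) is None:
        warnings.append("not a valid address, CIDR, range or wildcard")
    if category == "port" and not port_search_ok(text):
        warnings.append("enter one port or a comma-separated set")
    return warnings
```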
