Search and Filter Bar

The Filter Bar provides a drop-down box for each filter. These criteria are set in the Issues Detail View. To set a single filter, select the Filter drop-down criteria, such as Critical Priority. Once you have selected your filter criteria, click Apply Filters. The following are the available filters:
  • Priority—The options for priority are Critical, High, Medium, and Low. Cortex® Xpanse™ automatically sets a priority upon Issue creation. You may set the default priority for an Issue type, such as Elasticsearch Server, RDP Server, and WordPress Server, on the Policies page. Priorities are initially assigned to Low, Medium, or High. A Critical priority is available as a user-assigned action, giving you room to escalate important findings and make them easy to filter down to. You may change the priority of an Issue at any time. All priority changes, including the modifying user, previous priority level, and time of the change, are automatically logged by Cortex Xpanse.
  • Progress Status—Setting this filter will limit the list view based on Issue progress. There are two levels to this drop-down:
    • Open Issues
      - New—Cortex Xpanse automatically opens a new Issue with a New status.
      - Investigating—Cortex Xpanse recommends setting an Issue to Investigating status as a first step to remediating the Issue. Typically, this step involves conducting an investigation to understand the business context of this Issue. This information is important to identify potential service owners who may assist in remediation. As soon as a point of contact (POC) is confirmed, add the contact information to the asset record associated with the Issue.
      - In Progress—Cortex Xpanse recommends setting an Issue status to In Progress as soon as the initial investigation is complete, such as when service owners are identified and contacted. The Issue should remain In Progress as long as remediation is ongoing.
    • Closed Issues
      - Resolved—Cortex Xpanse recommends setting an Issue to Resolved once investigation and remediation are complete. It is important to note that if Cortex Xpanse sees the Issue reappear, the Issue will be reopened and assigned a New Issue status. Reopened Issues retain the complete history of comments and status changes.
      - Acceptable Risk—Cortex Xpanse recommends setting an Issue to Acceptable Risk if this Issue meets the organization’s level of acceptable risk. This could mean that the Issue was remediated to a point where it now meets an acceptable risk. It is important to note that an Issue that is set to Acceptable Risk will not trigger new Issues, even though Cortex Xpanse will continue to see this Issue. For this reason, only Issues that cannot be resolved should be set to Acceptable Risk. Otherwise, you should remediate the Issue and resolve it completely.
      - No Risk—Cortex Xpanse provides the No Risk status to allow you to mark Issues for which there are mitigating controls or protections in place that are not observable by our platform. Like Acceptable Risk, No Risk will not trigger new Issues, even if Cortex Xpanse continues to see evidence of that kind of problem. Therefore, we urge you to use the No Risk status only when a thorough investigation has been performed and to periodically re-assess any No Risk Issues to confirm they continue to not pose a risk to your organization.
  • Assignee—Assignees are registered users of the Cortex Xpanse platform.
  • Issue Type—This field displays a drop-down menu to filter on specific Issue Types.
  • Activity Status—Cortex Xpanse automatically sets an Issue Activity Status based on how recently an Issue was seen:
    • Active—Cortex Xpanse has recently observed evidence indicating that the Issue is still valid.
    • Inactive—An Issue becomes inactive once Cortex Xpanse no longer observes the evidence associated with the asset or service. Clicking Ready to Close displays all Inactive Issues. How long Cortex Xpanse waits before declaring an Issue Inactive depends on the type of evidence and scan frequency. There are a number of reasons why an Issue becomes Inactive:
      - The asset or service is no longer displaying the evidence because the asset or service is reconfigured. For example:
        1. An expired certificate has been replaced with a fresh certificate.
        2. An unencrypted FTP server has been reconfigured to use only encrypted SFTP.
        3. A web server using insecure TLS/SSL is reconfigured to use only secure cipher suites and versions.
      - The asset or service is no longer responsive or routable via the public Internet. For example:
        1. The service may have been shut down.
        2. The service is now behind a firewall and is no longer routable on the public Internet.
      If the Issue is seen again, Cortex Xpanse automatically changes the Issue to Active status.
  • Filtering and Searching—In addition to filtering, Cortex Xpanse provides the ability to conduct extensive searches of Issues content. There are four categories of searches:
    • Content search—Cortex Xpanse searches on a broad range of fields for Issues, including name and certificate fields, such as issuer, full name, countries, org, extensions, public key, and subject. Some things to consider when conducting content searches:
      - If you are looking for domains, IP/CIDR, or ports, using those specialized searches will be much faster, though the Content search will still work.
      - The Content search uses prefixes and phrases, but not suffixes. For example, if you search on “Work” you will receive any Issue that contains any word starting with “work”, such as work, workgroup, and workstation. If you search on “Group,” you will not see Issues that contain the word “Workgroup.”
    • Domain Search—Domain searches are meant to be targeted searches. Specify the complete domain, such as www.acme.com, if possible. Domain search will also search on the name, such as acme, or a subset of the full domain, such as www.acme or acme.com. Domain Search does not use boolean operators, such as AND, OR, and NOT, or wildcard operators, such as ? or *.
    • IP/CIDR—Cortex Xpanse expects a valid IP/CIDR address, such as 1.1.1.1 or 1.1.1.1/16. You may also search on an IP address range, such as 1.1.1.1 - 1.1.1.16, or you may use a wildcard, such as 1.1.1.*.
    • Port—For a port search, you can enter one port, such as 80, or a set of ports, such as 80, 443, 8080. Cortex Xpanse does not search on a range of port numbers, such as 80 - 100, or support wildcards, such as 80*.
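
A local pre-check for the IP/CIDR and Port search forms listed above, as an added example that is not Palo Alto Networks code: it expands a term into the networks it covers and rejects port ranges and wildcards. The function names are hypothetical, only a last-octet wildcard is assumed, and the non-strict handling of host bits (1.1.1.1/16 read as 1.1.0.0/16) is Python's, since the page does not say how Cortex Xpanse treats them.

```python
import ipaddress
import re


def normalize_ip_term(term):
    """Return the networks covered by an IP/CIDR search term.

    Handles the four forms the page lists: single address, CIDR,
    'start - end' range, and a last-octet wildcard such as 1.1.1.*.
    """
    term = term.strip()
    if "-" in term:  # range form: 1.1.1.1 - 1.1.1.16
        start, end = (ipaddress.IPv4Address(p.strip()) for p in term.split("-", 1))
        if start > end:
            raise ValueError("range start is after range end")
        return list(ipaddress.summarize_address_range(start, end))
    if "*" in term:  # wildcard form: 1.1.1.*
        octets = term.split(".")
        if len(octets) != 4 or octets[3] != "*" or "*" in "".join(octets[:3]):
            raise ValueError("only a last-octet wildcard is handled (assumption)")
        return [ipaddress.ip_network(".".join(octets[:3]) + ".0/24")]
    # Single address or CIDR. strict=False tolerates host bits (1.1.1.1/16).
    return [ipaddress.ip_network(term, strict=False)]


def parse_port_term(term):
    """Return the ports in a Port search term; reject ranges and wildcards."""
    ports = []
    for part in term.split(","):
        part = part.strip()
        if not re.fullmatch(r"\d{1,5}", part):
            raise ValueError(f"not a single port number: {part!r}")
        port = int(part)
        if not 0 < port <= 65535:
            raise ValueError(f"port out of range: {port}")
        ports.append(port)
    return ports


if __name__ == "__main__":
    for sample in ("1.1.1.1", "1.1.1.1/16", "1.1.1.1 - 1.1.1.16", "1.1.1.*"):
        nets = normalize_ip_term(sample)
        print(sample, "->", nets, sum(n.num_addresses for n in nets), "addresses")
    print(parse_port_term("80, 443, 8080"))
```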

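Because Acceptable Risk and No Risk Issues never trigger new Issues, a periodic review queue helps keep them honest. The added example below (not Cortex Xpanse code) builds one from Issue records, alongside a queue of open Issues that have gone Inactive. The record fields, sample data and 90-day review interval are assumptions, not an Xpanse export schema or a documented setting.

```python
from datetime import date

# Constructed sample records; the field names are hypothetical.
ISSUES = [
    {"id": "A1", "priority": "High", "progress": "No Risk",
     "activity": "Active", "status_changed": date(2023, 1, 10)},
    {"id": "A2", "priority": "Critical", "progress": "Acceptable Risk",
     "activity": "Active", "status_changed": date(2023, 11, 20)},
    {"id": "A3", "priority": "Medium", "progress": "In Progress",
     "activity": "Inactive", "status_changed": date(2023, 10, 2)},
    {"id": "A4", "priority": "Low", "progress": "Acceptable Risk",
     "activity": "Inactive", "status_changed": date(2022, 6, 1)},
    {"id": "A5", "priority": "Medium", "progress": "Acceptable Risk",
     "activity": "Active", "status_changed": date(2023, 3, 5)},
]

PRIORITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}
SUPPRESSING = {"Acceptable Risk", "No Risk"}  # closed; will not trigger new Issues
OPEN = {"New", "Investigating", "In Progress"}


def build_worklist(issues, today, max_age_days=90):
    """Return (reassess, ready_to_close), each sorted by priority then age."""
    reassess, ready_to_close = [], []
    for issue in issues:
        age = (today - issue["status_changed"]).days
        if (issue["progress"] in SUPPRESSING
                and issue["activity"] == "Active"
                and age > max_age_days):
            # Evidence is still observed, but this status hides it from triage.
            reassess.append(issue)
        elif issue["progress"] in OPEN and issue["activity"] == "Inactive":
            # Evidence is gone while the Issue is still open.
            ready_to_close.append(issue)

    def sort_key(issue):
        return (PRIORITY_ORDER[issue["priority"]], issue["status_changed"])

    return sorted(reassess, key=sort_key), sorted(ready_to_close, key=sort_key)


if __name__ == "__main__":
    stale, closable = build_worklist(ISSUES, today=date(2023, 12, 1))
    print("re-assess:", [i["id"] for i in stale])
    print("ready to close:", [i["id"] for i in closable])
```
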