Search and Filter Bar
The Filter Bar provides a drop-down box for each filter. These criteria are set in the Issues Detail View. To set a single filter, select the Filter drop-down criteria, such as Critical Priority. Once you have selected your filter criteria, click Apply Filters. The following are the available filters:
- Priority—The options for priority are Critical, High, Medium, and Low. Cortex® Xpanse™ automatically sets a priority upon Issue creation. You may set the default priority for an Issue type, such as Elasticsearch Server, RDP Server, and WordPress Server, on the Policies page. Priorities are initially assigned to Low, Medium, or High. A Critical priority is available as a user-assigned action, giving you room to escalate important findings and make them easy to filter down to. You may change the priority of an Issue at any time. All priority changes, including the modifying user, previous priority level, and time of the change, are automatically logged by Cortex Xpanse.
- Progress Status—Setting this filter will limit the list view based on Issue progress. There are two levels to this drop-down:
  - Open Issues
    - New—Cortex Xpanse automatically opens a new Issue with a New status.
    - Investigating—Cortex Xpanse recommends setting an Issue status to Investigating as a first step to remediating the Issue. Typically, this step involves conducting an investigation to understand the business context of this Issue. This information is important to identify potential service owners who may assist in remediation. As soon as a point of contact (POC) is confirmed, add the contact information to the asset record associated with the Issue.
    - In Progress—Cortex Xpanse recommends setting an Issue status to In Progress as soon as the initial investigation is complete, for example, once service owners are identified and contacted. The Issue should remain In Progress as long as remediation is ongoing.
  - Closed Issues
    - Resolved—Cortex Xpanse recommends setting an Issue to Resolved once investigation and remediation are complete. It is important to note that if Cortex Xpanse sees the Issue reappear, the Issue will be reopened and assigned a New Issue status. Reopened Issues retain the complete history of comments and status changes.
    - Acceptable Risk—Cortex Xpanse recommends setting an Issue to Acceptable Risk if this Issue meets the organization’s level of acceptable risk. This could mean that the Issue was remediated to a point where it now meets an acceptable risk. It is important to note that an Issue that is set to Acceptable Risk will not trigger new Issues, even though Cortex Xpanse will continue to see this Issue. For this reason, only Issues that cannot be resolved should be set to Acceptable Risk. Otherwise, you should remediate the Issue and resolve it completely.
    - No Risk—Cortex Xpanse provides the No Risk status to allow you to mark Issues for which there are mitigating controls or protections in place that are not observable by our platform. Like Acceptable Risk, No Risk will not trigger new Issues, even if Cortex Xpanse continues to see evidence of that kind of problem. Therefore, we urge you to use the No Risk status only when a thorough investigation has been performed and to periodically re-assess any No Risk Issues to confirm they continue to not pose a risk to your organization.
- Assignee—Assignees are registered users of the Cortex Xpanse platform.
- Issue Type—This field displays a drop-down menu to filter on specific Issue Types.
- Activity Status—Cortex Xpanse automatically sets an Issue Activity Status based on how recently an Issue was seen:
  - Active—Cortex Xpanse has recently observed evidence indicating that the Issue is still valid.
  - Inactive—An Issue becomes inactive once Cortex Xpanse no longer observes the evidence associated with the asset or service. Clicking Ready to Close displays all Inactive Issues. How long Cortex Xpanse waits before declaring an Issue Inactive depends on the type of evidence and scan frequency. There are a number of reasons why this occurs:
    - The asset or service is no longer displaying the evidence because the asset or service is reconfigured. For example:
      - An expired certificate has been replaced with a fresh certificate.
      - An unencrypted FTP server has been reconfigured to use only encrypted SFTP.
      - A web server using insecure TLS/SSL is reconfigured to use only secure cipher suites and versions.
    - The asset or service is no longer responsive or routable via the public Internet. For example:
      - The service may have been shut down.
      - The service is now behind a firewall and is no longer routable on the public Internet.

    If the Issue is seen again, Cortex Xpanse automatically changes the Issue to Active status.
- Filtering and Searching—In addition to filtering, Cortex Xpanse provides the ability to conduct extensive searches of Issues content. There are four categories of searches:
  - Content search—Cortex Xpanse searches on a broad range of fields for Issues, including name and certificates, such as issuer, full name, countries, org, extensions, public key, and subject. Some things to consider when conducting content searches:
    - If you are looking for domains, IP/CIDR, or ports, using those specialized searches will be much faster, though the Content search will still work.
    - The Content search uses prefixes and phrases, but not suffixes. For example, if you search on “Work” you will receive any Issue that contains any word starting with “work”, such as work, workgroup, and workstation. If you search on “Group,” you will not see Issues that contain the word “Workgroup.”
  - Domain Search—Domain searches are meant to be targeted searches. Specify the complete domain, such as www.acme.com, if possible. Domain search will also search on the name, such as acme, or a subset of the full domain, such as www.acme or acme.com. Domain Search does not use Boolean operators, such as AND, OR, and NOT, or wildcard operators, such as ? or *.
  - IP/CIDR—Cortex Xpanse expects a valid IP/CIDR address, such as 220.127.116.11 or 18.104.22.168/16. You may also search on an IP address range, such as 22.214.171.124 - 126.96.36.199, or you may use a wildcard, such as 1.1.1.*.
  - Port—For a port search, you can enter one port, such as 80, or a set of ports, such as 80, 443, 8080. Cortex Xpanse does not search on a range of port numbers, such as 80 - 100, or support wildcards, such as 80*.
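
The search rules above can be checked locally before a term is entered, so that a port range or a wildcard domain is caught instead of silently returning nothing. The following Python is an added example, not Cortex Xpanse code; the category names, the 1-65535 port bound, and the single-word prefix model in `content_hit` are assumptions made here.

```python
import ipaddress
import re

# Added example (not Cortex Xpanse code): a local model of the search rules
# described above. Category names and the 1-65535 port bound are assumptions.
_DOMAIN = re.compile(r"^([a-z0-9-]+\.)+[a-z]{2,}$", re.I)
_PORT_LIST = re.compile(r"^\d{1,5}(\s*,\s*\d{1,5})*$")


def is_ip_query(term):
    """Single IP, CIDR, 'start - end' range, or last-octet wildcard (1.1.1.*)."""
    m = re.fullmatch(r"(\d+\.\d+\.\d+)\.\*", term)
    if m:
        term = m.group(1) + ".0"  # validate the three fixed octets only
    try:
        if "-" in term:
            lo, hi = (ipaddress.ip_address(p.strip()) for p in term.split("-"))
            return lo.version == hi.version and lo <= hi
        ipaddress.ip_network(term, strict=False)
        return True
    except ValueError:
        return False


def classify(term):
    """Return (category, verdict) for one search term, per the documented rules."""
    term = term.strip()
    if _PORT_LIST.match(term):
        ok = all(1 <= int(p) <= 65535 for p in term.split(","))
        return ("port", "ok" if ok else "rejected: port out of range")
    if re.fullmatch(r"\d+\s*-\s*\d+|\d+\*", term):
        return ("port", "rejected: port ranges and wildcards are not searched")
    if is_ip_query(term):
        return ("ip_cidr", "ok")
    tokens = term.split()
    if any(_DOMAIN.match(re.sub(r"[?*]", "xx", t)) for t in tokens):
        bad = re.search(r"[?*]", term) or {"AND", "OR", "NOT"} & set(tokens)
        return ("domain", "rejected: no Boolean or wildcard operators" if bad else "ok")
    return ("content", "ok")


def content_hit(query, text):
    """Prefix-only word matching: 'Work' hits 'Workgroup', 'Group' does not."""
    q = query.lower()
    return any(w.startswith(q) for w in re.findall(r"\w+", text.lower()))
```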