Triaging issues

All issues are classified as new by default. You can see an issue's classification by viewing its status.

About this task

Use issue triage to help you:

Reduce noise so that you can focus on the real issues.
While you are reviewing issues, classify those issues that do not need to be fixed as noise or passed. Noise issues include those issues that might be false positives. Passed issues require manual verification or review. After you classify issues as noise or passed, you can then focus on other issues, such as open, reopened, and in progress. Issues that are open or reopened have a negative impact on your overall summaries.
Track progress toward remediation.
Track progress by evaluating each new issue and classifying it as fixed, in progress, noise, or passed. Assigning issues a status helps you better manage the volume of issue data. Identify and track what issues to fix first and what does not need to be fixed at all.
Show positive results.
Classifying issues also helps you show positive results or progress in your organization's scores. This gives key stakeholders a more realistic picture of your site's performance.
Auto-close issues.

The auto-close issues feature helps streamline the issue resolution process while you triage issues. With this functionality enabled, the system automatically marks an identified issue as 'Fixed' if it is no longer detected in a consecutive scan of the same target during a rescan. This automation not only expedites the closure of resolved issues but also ensures that security teams can focus their efforts on addressing active threats. Administrators and asset managers can enable this setting at the organization level and asset group level, respectively, through the Settings page. In addition, the 'Allow override' option allows asset managers to configure asset group-specific settings that diverge from the default organization settings.

The auto-close feature is not applicable in cases where the scan target differs, such as a new scan with a different target, an incremental scan, or when a different IRX file is used for the scan.

Procedure

  1. In an Application tab, click to open the Issues view.
  2. Sort the Status column to arrange the issues by the weight of critical classification (open, in progress, reopened, noise, passed, fixed, new).
  3. Click the row for a specific issue to open the Issue information pane.
    This pane contains valuable information about the issue, such as fix recommendations, comments, and fix groups. Use this information to help determine whether the issue is really an issue for your organization.
  4. To change an issue status from a new state:
    1. Verify that an issue is really an issue according to your corporate standards before you change its status or assign it to be fixed. Click the Location link to open the page in a new browser. By checking the live page of the issue, you can see the full context of the issue as your website users might experience it.
    2. If the issue needs further attention but you are not assigning it yet to be fixed, classify it as open.
    3. If the issue needs further attention, classify it as in progress. Then you can assign it to a team member to fix.
    4. If the issue does not need further attention, classify it as fixed, noise, or passed.
    5. When the issues are fixed, run the appropriate scans again in your third-party scanner. Import the issues again and repeat the process until all of the issues are triaged.
      Note: When a closed issue is found again, it is automatically reopened. Open issues are automatically closed only if auto-close is enabled and the issue was closed as part of a rescan. See Issue status.
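
The auto-close and reopen rules described above can be modeled as a small reconciliation step. This is an added example, not the product's own code. The names Scan, reconcile and is_comparable_rescan, the sample issue ids and URLs, and the assumptions that "closed" means the fixed status and that noise and passed issues are left untouched are all illustrative.

```python
from dataclasses import dataclass
from typing import Optional

# Assumption: only these statuses count as still open for auto-close purposes.
ACTIVE = {"new", "open", "in progress", "reopened"}

@dataclass(frozen=True)
class Scan:
    target: str               # what was scanned
    irx_file: Optional[str]   # IRX file used, if any
    incremental: bool
    detected: frozenset       # issue ids reported by this scan

def is_comparable_rescan(prev: Scan, cur: Scan) -> bool:
    """Auto-close applies only to a full rescan of the same target and IRX file."""
    return (cur.target == prev.target
            and cur.irx_file == prev.irx_file
            and not cur.incremental)

def reconcile(statuses: dict, prev: Scan, cur: Scan, auto_close: bool) -> dict:
    """Return issue statuses after importing the results of `cur`."""
    result = dict(statuses)
    for issue in cur.detected:
        if issue not in result:
            result[issue] = "new"          # all issues start as new
        elif result[issue] == "fixed":     # assumption: "closed" means fixed
            result[issue] = "reopened"     # closed issue found again
    if auto_close and is_comparable_rescan(prev, cur):
        for issue, status in statuses.items():
            if issue not in cur.detected and status in ACTIVE:
                result[issue] = "fixed"    # no longer detected in the rescan
    return result

# Constructed sample data (not from a real scan).
PREV = Scan("https://app.example.test", "app.irx", False,
            frozenset({"I1", "I2", "I3", "I4"}))
STATUSES = {"I1": "open", "I2": "fixed", "I3": "noise", "I4": "in progress"}
RESCAN = Scan("https://app.example.test", "app.irx", False,
              frozenset({"I2", "I4", "I5"}))
OTHER_IRX = Scan("https://app.example.test", "app-v2.irx", False,
                 frozenset({"I2", "I4", "I5"}))

if __name__ == "__main__":
    print(reconcile(STATUSES, PREV, RESCAN, auto_close=True))
    print(reconcile(STATUSES, PREV, OTHER_IRX, auto_close=True))
```

With a different IRX file, the open issue I1 stays open even though it was not detected, while the previously fixed issue I2 is still reopened because it was found again.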