Review the findings for an asset to gain insight into its posture status.
Findings provide knowledge about an asset by combining the data collected from multiple sources. This builds a more accurate and complete picture of the asset's current state, including its configuration, behavior, and context within the environment. Findings also give visibility into potential exposures and vulnerabilities, which supports a clearer assessment of the asset's risk level. Because findings are continuously analyzed and updated, they maintain an up-to-date view of the asset's security posture and support better-informed decisions for detection, prioritization, and remediation. For more information, see Findings and events.
Click a finding anywhere in the UI to open the findings card. For more information, see Findings card. To view all findings, go to the Issues+Findings table. You can also see the findings for a specific asset by opening the asset card.
Types of findings
The following table describes the different types of findings:
| Type | Description |
|---|---|
| Code | Discovery of security issues within application source code, such as bugs, logic flaws, and insecure coding practices. |
| Compliance | Discovery of compliance violations that do not adhere to the security standards for your organization. |
| Configuration | Discovery of incorrect settings or configurations in systems, applications, or devices that reduce the environment's resilience and increase the potential for compromise. |
| Data | Discovery of sensitive data misuse, secrets, and shadow data. |
| Identity | Discovery of suspicious user identities, highlighting authentication and access control to prevent unauthorized access and minimize the risk of over-permissive access rights that could lead to security breaches. |
| Malware | Discovery of malicious files within cloud workloads. |
| Posture | Discovery of posture risks that might expose critical assets to potential cyberattacks and operational disruption. |
| Vulnerability | Discovery of weaknesses or flaws in software or hardware that attackers can exploit to gain unauthorized access, disrupt operations, or steal data. Includes the Contextual Asset ID (for example, the specific Image Name or Container Instance ID) to help distinguish whether the vulnerability is a host OS issue or originates from a nested workload. |
Set up rules to trigger issues from findings
Findings themselves are not issues, but findings that match specific logic can generate issues. You can also set up your own policies and rules to trigger issues when the following types of findings are recorded:
- Compliance, Malware, or Secrets findings. For more information, see Cloud workload policies and rules.
- Vulnerability findings. For more information, see Vulnerability policies.
Query findings data
You can query findings data in the findings data set.
The following query returns all findings for the asset named AssetA:
dataset = findings | filter xdm.finding.asset_name = "AssetA"
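As an added example (not a query from the original page), the following XQL builds on the query above to summarize AssetA's findings by type and severity, so the highest-volume exposure categories are visible at a glance. Only `xdm.finding.asset_name` appears on this page; `xdm.finding.type` and `xdm.finding.severity` are assumed field names that follow the same naming convention and should be checked against your findings data set schema.

```xql
// Added example, not from the original page.
// Assumed fields: xdm.finding.type, xdm.finding.severity (verify in your schema).
dataset = findings
| filter xdm.finding.asset_name = "AssetA"
| filter xdm.finding.type in ("Vulnerability", "Malware", "Configuration")
| comp count(xdm.finding.asset_name) as finding_count by xdm.finding.type, xdm.finding.severity
| sort desc finding_count
```

Narrowing the type list to the categories that feed your issue-generation rules makes the result a quick check of which findings on the asset are likely to become issues.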