Issue Data Structure

Cortex Xpanse Assess User Guide

Product: Cortex XPANSE
Version: 1.0
Creation date: 2022-08-25
Last date published: 2022-12-01

Each Issue has the following standard components. For more details on each component, see List View and Issues Detail View:

  • Issue Name—Combination of the Issue Type, such as Insecure TLS, and either a Domain, such as dev.acme.com, or an IP address. Issues on a customer’s On-premise IP Range include the corresponding IP in the Issue Name. If the Issue is hosted in the Cloud and attributed via a Domain, then the corresponding domain appears in the Issue Name. Issue Names end with the port number. IP and Domain are also available as separate fields for API usage.

  • Activity Status—Cortex Xpanse automatically sets an Issue Activity Status based on how recently we saw the Issue.

  • Priority—The options for priority are Critical, High, Medium, and Low. Cortex Xpanse automatically sets a priority upon Issue creation. Users can then modify the priority of an Issue as they see fit. A custom default priority for all new Issues of a given type can be set on the Policies page.

  • Progress Status—Issues are either Open or Closed. Each designation includes different progress status settings, such as New, Investigating, In Progress, Resolved, No Risk, and Acceptable Risk.

  • Assigned To—You may assign an Issue to any Cortex Xpanse user.

  • First Added—This is the date that Cortex Xpanse first identified the Issue.

  • Evidence—Cortex Xpanse bases evidence on our scan results. The evidence varies with the kind of Asset and evidence type. Evidence is available in the Issue Detail view.

  • Associated Assets—Issues include all associated Assets. There is additional information for each Asset, including Attribution Reasons, Registration Records, Business Units, and Hosting Provider.