Issue Data Structure - User Guide - 1.0 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Assess User Guide

Creation date
Last date published
User Guide

The standard components for each Issue.

Each Issue has the following standard components. For more details on each component, see List View and Issues Detail View:

  • Issue Name—Combination of the Issue Type, such as Insecure TLS, and either a Domain, such as, or an IP address. Issues on a customer’s On-premise IP Range include the corresponding IP in the Issue Name. If the Issue is hosted in the Cloud and attributed via a Domain, then the corresponding domain appears in the Issue Name. Issue Names end with the port number. IP and Domain are also available as separate fields for API usage.

  • Activity Status—Cortex Xpanse automatically sets an Issue Activity Status based on how recently we saw the Issue.

  • Priority—The options for priority are Critical, High, Medium, and Low. Cortex Xpanse automatically sets a priority upon Issue creation. Users can then modify the priority of an Issue as they see fit. A custom default priority for all new Issues of a given type can be set on the Policies page.

  • Progress Status—Issues are either Open or Closed. Each designation includes different progress status settings, such as New, Investigating, In Progress, Resolved, No Risk, and Acceptable Risk.

  • Assigned To—You may assign an Issue to any Cortex Xpanse user.

  • First Added—This is the date that Cortex Xpanse first identified the Issue.

  • Evidence—Cortex Xpanse bases evidence on our scan results. The evidence varies with the kind of Asset and evidence type. Evidence is available in the Issue Detail view.

  • Associated Assets—Issues include all associated Assets. There is additional information for each Asset, including Attribution Reasons, Registration Records, Business Units, and Hosting Provider.