Resolved vs. Acceptable Risk Progress Statuses When Closing Issues - 1.0 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Assess User Guide

Product
Cortex XPANSE
Version
1.0
Creation date
2022-08-25
Last date published
2022-12-01
Category
User Guide

At the end of a remediation process, operators can determine the Issue is Resolved, or the Issue is an Acceptable Risk. Both settings close the remediation, but Cortex Xpanse acts differently if the Issue arise again:

  • Resolved—Set the Issue Status to Resolved if you want Cortex Xpanse to reopen the Issue when Cortex Xpanse observes the problem in the future.

  • Acceptable Risk—Set the Issue Status to Acceptable Risk if you do not want updates if Cortex Xpanse either continues to observe the Issue or if the Issue reappears in the future. Acceptable Risk allows you to determine that an Issue is OK even though you have not resolved the underlying problem. Because the underlying problem persists, Cortex Xpanse highly recommends performing a periodic audit of items marked Acceptable Risk.