Issue Data Structure - User Guide - 1.0 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse User Guide

Product: Cortex XPANSE
Version: 1.0
Creation date: 2022-08-25
Last date published: 2024-03-26
End_of_Life: EoL
Category: User Guide
Abstract: The standard components for each Issue.

Each Issue has the following standard components. For more details on each component, see List View and Issues Detail View:

  • Issue Name—Combination of the Issue Type, such as Insecure TLS, and either a Domain, such as dev.acme.com, or an IP address. Issues on a customer’s On-premise IP Range include the corresponding IP in the Issue Name. If the Issue is hosted in the Cloud and attributed via a Domain, then the corresponding domain appears in the Issue Name. Issue Names end with the port number. IP and Domain are also available as separate fields for API usage.

  • Activity Status—Cortex Xpanse automatically sets an Issue Activity Status based on how recently we saw the Issue.

  • Priority—The options for priority are Critical, High, Medium, and Low. Cortex Xpanse automatically sets a priority upon Issue creation. Users can then modify the priority of an Issue as they see fit. A custom default priority for all new Issues of a given type can be set on the Policies page.

  • Progress Status—Issues are either Open or Closed. Each designation includes different progress status settings, such as New, Investigating, In Progress, Resolved, No Risk, and Acceptable Risk.

  • Assigned To—You may assign an Issue to any Cortex Xpanse user. If the assignee turns on Email Digests, they will receive all updates to their assigned Issues.

  • First Added—This is the date that Cortex Xpanse first identified the Issue.

  • Evidence—Cortex Xpanse bases evidence on our scan results. The evidence varies with the kind of Asset and evidence type. Evidence is available in the Issue Detail view and via the Expander API.

  • Associated Assets—Issues include all associated Assets. There is additional information for each Asset, including Attribution Reasons, Registration Records, Business Units, Tags, and Hosting Provider.

  • Cloud Management Status—An Issue's Cloud Management Status tells you whether the Asset underlying the Issue has been onboarded into the Prisma Cloud instance(s) that you have connected to Cortex Xpanse. To connect a Prisma Cloud instance, see Prisma Cloud API Connectors. The Cloud Management Status has three possible values: Unmanaged Cloud (the underlying Asset is not in Prisma Cloud), Managed Cloud (the underlying Asset is in Prisma Cloud), and Not Applicable (the distinction is not relevant). You can filter by Cloud Management Status in either the Services UI or the API.