Learn about the alert lifecycle and definition of each alert status.
Alerts transition through four basic statuses: New, In Progress, Resolved, and Reopened. There are multiple versions of the Resolved status (which are also called resolution statuses) to enable you to track why an alert was resolved.
A resolution status can be either terminal or reopenable. Terminal resolution means the alert will not be reopened if Xpanse continues to observe the problem. The following resolution statuses are terminal:
Resolved - Contested Asset
Resolved - Risk Accepted
Resolved - No Risk
Reopenable resolution means that Xpanse will reopen the alert and set the status to Reopen if the issue is observed again. The following resolution statuses are reopenable:
Resolved - No Longer Observed
Resolved - Remediated Automatically
Resolved
The table below describes the alert statuses. Some of these statuses are assigned by Xpanse and some are assigned manually by a user. You can manually change the status of any alert to any other status except Resolved - No Longer Observed and Resolved - Remediated Automatically, which are assigned by Xpanse only.
Alert Status | Description | Set by User or System or Both |
|---|---|---|
New | Indicates one of the following:
| Both. Xpanse sets the status to New when it opens an alert. A user can set the status to New anytime. |
In Progress | Indicates that you have started investigating or remediating the alert. | User only |
Reopened | Indicates one of the following:
| Both |
Resolved - Contested Asset | Indicates that you do not believe that this asset belongs to your organization. This is a terminal resolution status. | User only |
Resolved - Risk Accepted | Indicates that you understand that this alert poses a risk to your organization, but that you would like to accept the risk rather than address it. This is a terminal resolution status. | User only |
Resolved - No Risk | Indicates that you acknowledge that an alert exists, but that there is a mitigating control or other circumstances which results in the alert not being necessary. This is a terminal resolution status. | User only |
Resolved - No Longer Observed | Indicates that Xpanse no longer detects the issue on the service, asset, or website. This is a reopenable resolution status. | System only |
Resolved - Remediated Automatically | Indicates that automated remediation was used to remediate the alert. This is a reopenable resolution status. NoteThis status is only used if you have the Active Response add-on module. See Active Response for more information. | System only |
Resolved | Indicates that the alert was remediated. This is a reopenable resolution status. | User only |
In addition to these built-in alert statuses, you can create custom alert statuses that are tailored to your workflow. For more information, see Add Custom Alert and Incident Statuses and Resolution Reasons.