When Expander identifies an exposure on your attack surface, it creates a new alert and the Active Response module executes an automation playbook. This playbook progresses through a set of stages, as illustrated in the figure below. During each of these stages, various automation integrations may be used to collect data, send Expander data to another system, or take a remediation action.
The Active Response playbook contains a set of sub-playbooks, which support many different remediation paths that can be taken depending on the types of configured integrations, the type of alert, and input provided by the analyst. After the final stage, the alert is resolved.
Remediation Confirmation Scanning
During the validation stage, Xpanse validates the resolution of alerts by completing a remediation confirmation scan. This scan uses the same payloads and global scanning infrastructure that were used for service discovery to ensure that the risk has been addressed and that it won't inadvertently generate a new alert during the next scheduled scan of this asset.