Findings & Severity
Overview
The Issues screen (under Findings & Risk) is the day-to-day triage surface. It lists every finding from your scans with severity, risk score, affected resource, and remediation guidance, and gives you the tools to filter, accept, mute, and track them to closure.
Key benefits
| Benefit | Capability | Business value |
|---|---|---|
| Focus | Severity + environment-aware risk score | Teams fix the most dangerous issues first |
| Audience fit | Red / Blue / All perspective | The same data framed for attackers or defenders |
| Signal quality | Risk acceptance, exemptions, and mute rules | Less noise; known/accepted items stay out of the way |
How it works
Severity and risk score
Each finding has a severity (Critical / High / Medium / Low) reflecting inherent seriousness, and a risk score that weighs exposure, reachability, and blast radius for your environment. Triage by risk score, not severity alone — see Core Concepts.
The perspective toggle
Switch between Red (attacker view), Blue (defender view), and All. It reframes findings for whoever you’re working with — useful when presenting to different teams.
Filtering and search
Filter by severity, search across findings, and group as needed. The companion Issues — New Layout offers an alternative visual arrangement over the same data.
The finding detail
Open any finding to see:
- The affected resource and account/project.
- Evidence supporting the detection.
- The severity and risk score, with contributing factors.
- Remediation guidance (and, where available, a CLI command or an automated fix).
- Links into attack paths the finding participates in.
Risk acceptance and exemptions
When a finding is a known, accepted risk, record a risk acceptance (subject to approval permissions such as ra.approve_high / ra.approve_critical). For false positives or intended configurations, use exemptions and the Mutelist so they stop cluttering active views — every action is audited.
Status workflow, revalidation, and delta
Findings carry a status you can update; each change is recorded in the finding’s audit log. You can revalidate a single finding or in bulk to confirm it’s still present after a fix, and the delta view shows what changed between scans.
Best practices
- Sort by risk score and clear Critical/High attack-path steps first.
- Use risk acceptance (with an expiry) rather than muting, when a risk is genuinely accepted — it keeps an auditable record.
- Revalidate after remediation to confirm closure instead of assuming it.