Remediation Actions
Last updated
Last updated
The documentation for each detector provides examples for addressing specific security issues, as well as recommended procedures for assessing the impact and resolving the issue.
Examples of remediation actions include revoking leaked secrets, modifying infrastructure playbooks or receipts and updating existing resources, hardening authentication or authorization settings for CI/CD tools, or fixing pipeline configurations.
Xygeni provides mechanisms to automatically remediate certain kind of issues.
The offers contextual remediation actions for each security issue or unusual activity alert. The common actions are:
Manage Issue: A basic handling workflow, for setting a status.
Create ticket: Opens a new ticket in the configured ticketing tool. Full information for the issue is rendered so the ticket can be created with minimal work.
Open Pull Request (PR): Opens a pull request in the configured Source Control Manager, with contextual information on the issue. Commits with changes in source / configuration files can be added to the branch, for automation, so after review the pull request can be approved for merging into the target branch.
Disable Check: Deactivates the detector that reported the issue, possible for all the policies including it. This action is only available when the user’s roles allows it. This is a quick way to remove detectors that do not apply for the organization, or that are creating issues that should be ignored systematically.
See in Inventory: Shows the asset where the issue was located in the , .
Search Similar: Opens a view with issues similar to the selected one. Similarity is typically by the specific issue type across all projects. This helps to focus on fixing all of them by applying the recommended fix steps.
The Xygeni platform provides a basic handling workflow that helps to trace each issue.
The Status field may take the following values:
Open: The initial status: The issue has not yet handled.
Under review: The issue is under investigation.
Confirmed incident: The issue is a confirmed security problem, and should be fixed.
For unusual activity, additional states are available:
Incident closed: The problem was corrected, and any potentially harmful consequences related to the unusual activity were handled.
Normal business: Internally the issue will be "muted", applying to current issue and current scan.
Only for security issues (secrets, misconfigurations, bad components and IaC flaws):
Muted: False Positive The issue is not legitimate. To report this as a bug, check "Create false positive ticket for Xygeni" to open a support ticket.
Muted: Accept the risk. The issue is acknowledged, but the risk is assumed instead of trying to fix the issue.
Muted: Other. When the issue needs to be silenced for other reasons.
To change it for a given security issue, just open the issue and click on "Change Status" (see image below)
Then, a dialog will open where you can the change the status as well as provide any further additional information about the reason of the change.
To change the status of several issues (bulk mode) at once: First, select the checkbox on the left on each issue you want to modify. Then, under the 'Actions' tab select the"Change Status" option.
The remediation actions can be invoked from the Remediation Actions popup in the .
