Remediation Actions

The documentation for each Xygeni detector includes examples of how to remedy the security issue it reports, together with the recommended steps for determining the impact of the issue and fixing it.

Examples of remediation actions include revoking leaked secrets, modifying infrastructure playbooks or recipes and updating the resources they manage, hardening authentication or authorization settings for CI/CD tools, and fixing pipeline configurations.

Automatic Remediation

Xygeni provides mechanisms to automatically remediate (fix) certain kinds of issues.

See the sections below for further information on automatic remediation:

Steps to address a security incident or vulnerability

Handling Actions in Xygeni Dashboard

The Dashboard offers contextual remediation actions for each security issue or unusual activity alert. The common actions are:

  • Manage Issue: A basic handling workflow for setting the status of the issue (see Internal Issue Management below).

  • Create ticket: Opens a new ticket in the configured ticketing tool. The full information for the issue is rendered into the ticket, so it can be created with minimal editing.

  • Open Pull Request (PR): Opens a pull request in the configured Source Control Manager, with contextual information on the issue. Commits with changes to source or configuration files can be added to the branch for automation, so that after review the pull request can be approved for merging into the target branch.

  • Disable Check: Deactivates the detector that reported the issue, optionally for all the policies that include it. This action is only available when the user's role allows it. It is a quick way to remove detectors that do not apply to the organization, or that report issues that should be ignored systematically. Because it silences every future finding of that type within the chosen scope, keep the role that can use it restricted, and prefer muting individual issues when only some of a detector's findings are unwanted.

  • See in Inventory: Shows, in the SDLC Inventory, the asset where the issue was located.

  • Search Similar: Opens a view with issues similar to the selected one, typically those of the same issue type across all projects. This helps to fix all of them together by applying the recommended fix steps.

Internal Issue Management

Xygeni platform provides a basic handling workflow that helps to trace each issue.

Note that an alternative is to open a ticket for the target issue, or for a group of issues, in your ticketing tool of choice and follow your incident handling workflow there.

In that case, you may leverage the provided "Create Ticket" action to open a new ticket in the external tool with the full issue information.

The Status field may take the following values:

  • Open: The initial status. The issue has not yet been handled.

  • Under review: The issue is under investigation.

  • Confirmed incident: The issue is a confirmed security problem, and should be fixed.

For unusual activity, additional states are available:

  • Incident closed: The problem was corrected, and any potentially harmful consequences related to the unusual activity were handled.

  • Normal business: The activity is expected. Internally the issue is "muted", for the current issue and the current scan only.

Only for security issues (secrets, misconfigurations, bad components and IaC flaws):

  • Muted: False positive. The issue is not real. If you believe this is a detector bug, enable the checkbox "Create false positive ticket for Xygeni", which opens a bug ticket with Xygeni Support.

  • Muted: Accept the risk. The issue is acknowledged, but the risk is assumed instead of trying to fix the issue.

  • Muted: Other. The issue needs to be silenced for another reason, which should be documented in the notes.

These remediation actions can be invoked from the Remediation Actions popup in the Xygeni Dashboard.
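The status workflow above can be mirrored in your own triage tooling (for example, when syncing Xygeni statuses into an internal tracker). The following Python is an added example, not Xygeni's API or data model: it encodes the statuses listed in this section, which of them apply to security issues versus unusual activity alerts, the requirement that "Muted: Other" be justified in the notes, and the fact that "Normal business" applies only to the current scan. The names `Kind`, `Issue`, `set_status` and `is_suppressed`, and the assumption that the other muted states persist for the issue across scans (the page does not state their scope), are this example's own.

```python
"""Model of the issue-handling status workflow described in this section.

Illustrative example added to this page; it is not Xygeni's API or data model.
The names below, and the assumption that muted states other than
"Normal business" persist across scans, are this example's own.
"""
from dataclasses import dataclass, field
from enum import Enum


class Kind(Enum):
    # Security issues: secrets, misconfigurations, bad components and IaC flaws.
    SECURITY_ISSUE = "security issue"
    UNUSUAL_ACTIVITY = "unusual activity"


# Statuses available for every issue.
COMMON_STATUSES = frozenset({"Open", "Under review", "Confirmed incident"})
# Additional statuses, by kind of issue.
EXTRA_STATUSES = {
    Kind.UNUSUAL_ACTIVITY: frozenset({"Incident closed", "Normal business"}),
    Kind.SECURITY_ISSUE: frozenset(
        {"Muted: False positive", "Muted: Accept the risk", "Muted: Other"}
    ),
}
# Statuses that silence the issue instead of fixing it.
SILENCING_STATUSES = frozenset(
    {"Normal business", "Muted: False positive", "Muted: Accept the risk", "Muted: Other"}
)


def allowed_statuses(kind: Kind) -> frozenset:
    """Statuses the Status field may take for an issue of the given kind."""
    return COMMON_STATUSES | EXTRA_STATUSES[kind]


@dataclass
class Issue:
    issue_id: str
    kind: Kind
    scan_id: str                      # scan in which the issue was last reported
    status: str = "Open"              # the initial status
    notes: str = ""
    false_positive_ticket: bool = False
    history: list = field(default_factory=list)  # (old status, new status, notes)


def set_status(issue: Issue, new_status: str, notes: str = "",
               create_false_positive_ticket: bool = False) -> Issue:
    """Apply a status change, enforcing the constraints stated in the text."""
    if new_status not in allowed_statuses(issue.kind):
        raise ValueError(f"{new_status!r} is not valid for a {issue.kind.value}")
    if new_status == "Muted: Other" and not notes.strip():
        raise ValueError("'Muted: Other' requires the reason to be documented in the notes")
    if create_false_positive_ticket and new_status != "Muted: False positive":
        raise ValueError("A false positive ticket can only be created when muting as false positive")
    issue.history.append((issue.status, new_status, notes))
    issue.status = new_status
    issue.notes = notes
    issue.false_positive_ticket = create_false_positive_ticket
    return issue


def is_suppressed(issue: Issue, scan_id: str) -> bool:
    """Whether the issue stays silenced if it is reported again in `scan_id`.

    "Normal business" applies to the current issue and current scan only, so it
    does not carry over to a later scan. The other muted states are assumed here
    to persist for the issue.
    """
    if issue.status not in SILENCING_STATUSES:
        return False
    if issue.status == "Normal business":
        return scan_id == issue.scan_id
    return True


if __name__ == "__main__":
    # Constructed sample data, not real findings.
    leaked = Issue("sec-001", Kind.SECURITY_ISSUE, scan_id="scan-7")
    set_status(leaked, "Under review")
    set_status(leaked, "Muted: Accept the risk", notes="Test key, rotated anyway")
    print(leaked.status, is_suppressed(leaked, "scan-8"))  # Muted: Accept the risk True

    pushes = Issue("ua-042", Kind.UNUSUAL_ACTIVITY, scan_id="scan-7")
    set_status(pushes, "Normal business", notes="Planned release by the owner")
    print(is_suppressed(pushes, "scan-7"), is_suppressed(pushes, "scan-8"))  # True False
```

The `history` list records every transition together with its notes, which is the audit trail you would want when reconciling a tracker with the Dashboard; the `ValueError` checks reject the combinations the section rules out (a "Normal business" status on a security issue, a "Muted: Other" without a documented reason, or a false positive ticket on anything but a false positive mute).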