Findings#

The unified Findings page lists every finding across every detector in one table. If you only want to look at one detector, use the dedicated module page (CSPM, KSPM, etc.); this page is for cross-cutting work.

Columns#

Click any column header to sort. Click a row to open the detail panel.

Filters#

The filter bar at the top supports:

• Severity (multi-select)
• Status (multi-select)
• Detector type (CSPM / KSPM / DSPM / HCR / IaC / Secrets / Vuln / Toxic / CDR)
• Cloud provider
• Project
• Rule (free text against rule name and rule key)
• Resource ID (free text)

All active filters are URL-encoded so any filtered view is shareable.

Grouping#

The Group by dropdown groups rows under collapsible headers. Useful groupings:

• By severity for prioritisation.
• By rule to see how many resources are affected by each rule.
• By resource to see all findings on one resource.
• By cloud when comparing posture across providers.

Grouped rows show counts per group (CRITICAL: 12, HIGH: 4, ...). Click a group header to expand its rows.

Status workflow#

Single row: click the status badge in the row, pick IGNORE or RESOLVE, optionally add a reason.

Bulk: select rows with the checkbox column, then IGNORE selected or RESOLVE selected in the toolbar.

IGNORED accepts an optional TTL. After the TTL, the finding re-opens automatically unless the underlying issue has been fixed.

Export#

The Export CSV button respects all active filters. The CSV columns match the visible columns. Useful for SOC 2 / ISO 27001 audit packages.

Detail panel#

Clicking a row opens the detail panel from the right. Same panel as on every detector page, with all the context: description, attack scenario, remediation, references, resource graph slice, and status history.

What's next#

• Triage open findings, the recommended workflow
• Suppress or ignore a finding