Configure Finding States
Introduction
FortiCNP Finding States let users manage the status of findings and control which findings are shown or hidden on the Finding page.
Go to any finding and click on the Action button to change to a different Finding State.
Types of Finding States
Open - New violation found for the given resource and policy pair.
Resolved - The policy violation is no longer applicable because the policy or resource changed. The Resolved state can only be changed by FortiCNP automatically.
Dismiss - The user can manually dismiss the finding, but the violation may still exist. A finding in the Dismiss state can also be undismissed back to the Open state.
Acknowledged - For Data Scan and User Activity findings, users can only change the finding state to Acknowledged. An Acknowledged finding cannot be changed to another state.
Overall Finding Number
The Overall Finding Number is the count shown when you filter by a finding type, for example Risk Management, without selecting any finding state in the filter. By default this includes all 4 finding states: Open, Resolved, Dismiss and Acknowledged. It is the total number of Risk Management findings across all 4 finding states. The number of findings is located at the bottom right of the Finding page.
When the state of a Risk Management finding is changed from Open to Dismiss, the overall Risk Management finding number does not change. A Risk Management finding in the Dismiss state can be changed back to the Open state.
Similarly, for User Activity findings, when the state of a User Activity finding is changed from Open to Acknowledged, the overall User Activity finding number does not change. However, a User Activity finding in the Acknowledged state cannot be changed back to the Open state.
Finding States Transition Table
Finding states can be changed either manually or automatically by FortiCNP depending on the initial finding state and policy.
The tables below list, for each finding type, the current finding states and the states each one can transition to.
Risk Management Finding
| Current State | Next State | Action | Policy Control | Description |
|---|---|---|---|---|
| None | Open | Finding triggered | automatic | New violation found for the given resource and policy pair. |
| Open | Resolved | Policy updated | automatic | Policy was updated so that the violation is no longer applicable, e.g. the resource was added to the policy allow list. |
| Open | Resolved | Policy disabled | automatic | Policy was disabled, which terminated scanning; previously triggered findings disappear. |
| Open | Resolved | Resource updated | automatic | Resource configuration was updated to fix the violation. |
| Open | Resolved | Resource deleted | automatic | Resource was deleted. |
| Open | Dismiss | User action | manual | User manually dismissed the finding. |
| Dismiss | Open | User action | manual | User manually reopened the finding. |
| Resolved | Open | Policy updated | automatic | Policy was updated, e.g. the resource was removed from the policy allow list. |
| Resolved | Open | Policy enabled | automatic | Policy was enabled again. New scanning resumed and previously triggered findings appear again. |
Network Finding
| Current State | Next State | Action | Policy Control | Description |
|---|---|---|---|---|
| None | Open | Finding triggered | automatic | New violation found for the given resource and policy pair. |
| Open | Dismiss | User action | manual | User manually dismissed the finding. |
| Dismiss | Open | User action | manual | User manually reopened the finding. |
Integration Finding (Amazon Inspector, Amazon GuardDuty, Microsoft Defender for Cloud)
| Current State | Next State | Action | Policy Control | Description |
|---|---|---|---|---|
| None | Open | Finding triggered | automatic | New violation found for the given resource and policy pair. |
| Open | Dismiss | User action | manual | User manually dismissed the finding. |
| Dismiss | Open | User action | manual | User manually reopened the finding. |
User Activity Finding
| Current State | Next State | Action | Policy Control | Description |
|---|---|---|---|---|
| None | Open | Finding triggered | automatic | New violation found for the given policy. |
| Open | Acknowledged | User action | manual | User manually marked the finding as acknowledged. |
Data Scan Finding
| Current State | Next State | Action | Policy Control | Description |
|---|---|---|---|---|
| None | Open | Finding triggered | automatic | New violation found for the given resource and policy pair. |
| Open | Acknowledged | User action | manual | User manually marked the finding as acknowledged. |
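
The transition tables above can be encoded as data and used to replay a history of state changes, flagging any change the tables do not allow. This is an added example, not FortiCNP code: the event layout `(finding_id, finding_type, new_state, control)`, the `replay` function and the sample history are constructed assumptions, since this page documents no export or API format.

```python
# Added example: this page's transition tables as data, plus a replay check.
# The event layout (finding_id, finding_type, new_state, control) is an
# assumption; the page does not document an export or API format.
DISMISSABLE = {
    (None, "Open"): {"automatic"},
    ("Open", "Dismiss"): {"manual"},
    ("Dismiss", "Open"): {"manual"},
}
ACK_ONLY = {
    (None, "Open"): {"automatic"},
    ("Open", "Acknowledged"): {"manual"},
}
ALLOWED = {
    "Risk Management": {
        **DISMISSABLE,
        ("Open", "Resolved"): {"automatic"},
        ("Resolved", "Open"): {"automatic"},
    },
    "Network": DISMISSABLE,
    "Integration": DISMISSABLE,
    "User Activity": ACK_ONLY,
    "Data Scan": ACK_ONLY,
}


def replay(events):
    """Replay state changes in order; return (final_states, violations)."""
    state, violations = {}, []
    for finding_id, ftype, new_state, control in events:
        current = state.get(finding_id)
        controls = ALLOWED.get(ftype, {}).get((current, new_state), set())
        if control in controls:
            state[finding_id] = new_state
        else:
            # A change outside the tables is reported and not applied.
            violations.append((finding_id, current, new_state, control))
    return state, violations


# Constructed sample history (not real FortiCNP output).
SAMPLE = [
    ("rm-1", "Risk Management", "Open", "automatic"),
    ("rm-1", "Risk Management", "Dismiss", "manual"),
    ("rm-1", "Risk Management", "Open", "manual"),
    ("rm-1", "Risk Management", "Resolved", "manual"),  # only FortiCNP resolves
    ("ua-1", "User Activity", "Open", "automatic"),
    ("ua-1", "User Activity", "Acknowledged", "manual"),
    ("ua-1", "User Activity", "Open", "manual"),  # Acknowledged cannot reopen
]
```

Calling `replay(SAMPLE)` returns the last valid state per finding and the two rejected changes. The number of tracked findings stays at two throughout, matching the Overall Finding Number behaviour described above.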