Fortinet black logo

Online Help

Configure Finding States

Copy Link
Copy Doc ID cf00dcb1-0886-11ed-bb32-fa163e15d75b:956803

Configure Finding States

Introduction

FortiCNP Finding States give users the ability to manage the status of findings to control which findings to be shown or hidden on the Finding page.

Go to any finding and click on the Action button to change to a different Finding State.

Types of Finding States

Open - New violation found for the given resource and policy pair.

Resolved - The policy violation became not applicable anymore due to change of policy or resource. Resolved state can only be changed by FortiCNP automatically.

Dismiss - User can manually dismiss the finding, but the violation may still exist. Dismiss state can also be undismissed to Open state.

Acknowledged - For Data Scan and User Activity findings, users can only change the finding state to Acknowledged. Acknowledged finding cannot be changed to other state.

Overall Finding Number

Overall Finding Number is when filtering through a finding type, for example Risk Management, without any finding state selected in the filter, will include all 4 finding states by default: Open, Resolved, Dismiss and Acknowledged. This is the total number of the Risk Management findings with all 4 finding states. The number of findings is located at the bottom right of the Finding page.

When one of the Risk Management finding state is changed from Open to Dismiss, the overall Risk Management finding number will not change. The Risk Management finding with Dismiss state can be changed back to Open state.

Similarly, in case of User Activity findings, when one of the User Activity finding state is changed from Open to Acknowledged, the overall User Activity finding number will not change. But the User Activity finding with Acknowledged state cannot be changed back to Open state.

Finding States Transition Table

Finding states can be changed either manually or automatically by FortiCNP depending on the initial finding state and policy.

Below are tables of current findings states with the available transitional state per finding type.

Risk Management Finding

Current State

Next State

Action

Policy Control

Description

None

Open

Finding triggered

automatic

New violation found for the given resource and policy pair.

Open

Resolved

Policy updated

automatic

Policy was updated which caused the violation not applicable, e.g. the resource was added into policy allow list.

Policy disabled

automatic

Policy was disabled which led to termination of scanning and previously triggered findings would disappear.

Resource updated

automatic

Resource configuration was updated to fix the violation.

Resource deleted

automatic

Resource was deleted.

Dismiss

User action

manual

User manually dismiss the finding.

Dismiss

Open

User action

manual

User manually reopened the finding.

Resolved

Open

Policy updated

automatic

Policy was updated, e.g. the resource was removed from policy allow list.

Policy enabled

automatic

Policy was enabled again. New Scanning resumed and previously triggered finding will appear again.

Network Finding

Current State

Next State

Action

Policy Control

Description

None

Open

Finding triggered

automatic

New violation found for the given resource and policy pair.

Open

Dismiss

User action

manual

User manually dismiss the finding.

Dismiss

Open

User action

manual

User manually reopened the finding.

Integration Finding (Amazon Inspector, Amazon Guard Duty, Microsoft Defender for Cloud)

Current State

Next State

Action

Policy Control

Description

None

Open

Finding triggered

automatic

New violation found for the given resource and policy pair.

Open

Dismiss

User action

manual

User manually dismiss the finding.

Dismiss

Open

User action

manual

User manually reopened the finding.

User Activity Finding

Current State

Next State

Action

Policy Control

Description

None

Open

Finding triggered

automatic

New violation found for the given policy.

Open

Acknowledged

User action

manual

User manually marked the finding as acknowledged.

Data Scan Finding

Current State

Next State

Action

Policy Control

Description

None

Open

Finding triggered

automatic

New violation found for the given resource and policy pair.

Open

Acknowledged

User action

manual

User manually marked the finding as acknowledged.

Configure Finding States

Introduction

FortiCNP Finding States give users the ability to manage the status of findings to control which findings to be shown or hidden on the Finding page.

Go to any finding and click on the Action button to change to a different Finding State.

Types of Finding States

Open - New violation found for the given resource and policy pair.

Resolved - The policy violation became not applicable anymore due to change of policy or resource. Resolved state can only be changed by FortiCNP automatically.

Dismiss - User can manually dismiss the finding, but the violation may still exist. Dismiss state can also be undismissed to Open state.

Acknowledged - For Data Scan and User Activity findings, users can only change the finding state to Acknowledged. Acknowledged finding cannot be changed to other state.

Overall Finding Number

Overall Finding Number is when filtering through a finding type, for example Risk Management, without any finding state selected in the filter, will include all 4 finding states by default: Open, Resolved, Dismiss and Acknowledged. This is the total number of the Risk Management findings with all 4 finding states. The number of findings is located at the bottom right of the Finding page.

When one of the Risk Management finding state is changed from Open to Dismiss, the overall Risk Management finding number will not change. The Risk Management finding with Dismiss state can be changed back to Open state.

Similarly, in case of User Activity findings, when one of the User Activity finding state is changed from Open to Acknowledged, the overall User Activity finding number will not change. But the User Activity finding with Acknowledged state cannot be changed back to Open state.

Finding States Transition Table

Finding states can be changed either manually or automatically by FortiCNP depending on the initial finding state and policy.

Below are tables of current findings states with the available transitional state per finding type.

Risk Management Finding

Current State

Next State

Action

Policy Control

Description

None

Open

Finding triggered

automatic

New violation found for the given resource and policy pair.

Open

Resolved

Policy updated

automatic

Policy was updated which caused the violation not applicable, e.g. the resource was added into policy allow list.

Policy disabled

automatic

Policy was disabled which led to termination of scanning and previously triggered findings would disappear.

Resource updated

automatic

Resource configuration was updated to fix the violation.

Resource deleted

automatic

Resource was deleted.

Dismiss

User action

manual

User manually dismiss the finding.

Dismiss

Open

User action

manual

User manually reopened the finding.

Resolved

Open

Policy updated

automatic

Policy was updated, e.g. the resource was removed from policy allow list.

Policy enabled

automatic

Policy was enabled again. New Scanning resumed and previously triggered finding will appear again.

Network Finding

Current State

Next State

Action

Policy Control

Description

None

Open

Finding triggered

automatic

New violation found for the given resource and policy pair.

Open

Dismiss

User action

manual

User manually dismiss the finding.

Dismiss

Open

User action

manual

User manually reopened the finding.

Integration Finding (Amazon Inspector, Amazon Guard Duty, Microsoft Defender for Cloud)

Current State

Next State

Action

Policy Control

Description

None

Open

Finding triggered

automatic

New violation found for the given resource and policy pair.

Open

Dismiss

User action

manual

User manually dismiss the finding.

Dismiss

Open

User action

manual

User manually reopened the finding.

User Activity Finding

Current State

Next State

Action

Policy Control

Description

None

Open

Finding triggered

automatic

New violation found for the given policy.

Open

Acknowledged

User action

manual

User manually marked the finding as acknowledged.

Data Scan Finding

Current State

Next State

Action

Policy Control

Description

None

Open

Finding triggered

automatic

New violation found for the given resource and policy pair.

Open

Acknowledged

User action

manual

User manually marked the finding as acknowledged.