Findings & Taking Action

When policies are evaluated against the data that Zilla knows about, if a negative condition is found, a Finding is generated. Findings can be reviewed and manual actions can be taken to correct the underlying issue in the source environment and close the Finding. Upon the next synchronization, Zilla will evaluate the policy and determine if the Finding has been resolved, and if so will mark it as closed. Otherwise the Finding will remain in an open state.

 

For policies that are enabled, you can quickly view the associated Findings by Policy by clicking the “Findings” sub-menu under “Security” in the left sidebar.


In the Findings tab, you can view and quickly filter the Findings by Severity, as well as see new Findings discovered in the last 7 days.


You can also Take Action on the Findings in view:

  • Mute All - You can choose to mute Findings, with additional comments, to suppress them from the default view. Typically, a Finding is muted when the identified issue has been reviewed and is allowed (for example, there is a mitigation / exception in place).

  • Unmute All - You can unmute existing muted Findings so they are listed in the default views. 

  • Create Ticket - This will generate a ticket request to your ticketing system and you can add an optional comment that will be included in the ticket. An attachment of the Findings will be included. 

  • Email - This will send an email with the Findings in view to a specific set of users. You can optionally add comments to provide more context and information to the recipients. An attachment of the Findings will be included with the email. 

  • Download CSV - You can download the Findings that are in view to a CSV file.

 

You can also view more detailed information about a Finding by clicking on the respective Finding Status hyperlink. This will display a pop-up with more information about the policy, the account, application or resource in violation, and the history. From within this detailed view, you can manually take an action to mute/unmute, create a ticket or send an email to follow up.

By default, no action is taken when a Finding is discovered. If you want actions to be taken automatically when Findings are discovered, you can enable automatic actions for the policies. More information can be found under the Edit Policy Section.