Muting Findings for Indicators of Exposure and Compromise
You can mute Findings for indicators of exposure or compromise, or individual objects within those Findings, to prevent future Findings from being raised for the object(s).
To mute Findings:
From the Findings Investigation page or Findings list (if you are dismissing multiple Findings), dismiss the Finding.
When prompted to confirm the dismissal, check the Mute this Finding box.
|
|
NOTES:
-
Tier Zero [object] Detected Findings cannot be muted. If your selection includes these the mute option will be unavailable.
-
Because Findings are muted at the time they are dismissed and therefore no longer display in the Findings list, they can only be unmuted from the All Indicators page. |
To mute Findings for individual objects:
-
From the Findings Investigation What Happened? page, select the object(s) you want to mute.
-
Click Mute Object.
Dismissing Findings
When you dismiss a Finding, the Finding will no longer display in the active Findings list.
-
For an Indicator of Exposure or Indicator of Compromise, the Finding will continue to be monitored and any new Finding for the indicator will be raised unless it is .
-
For a Tier Zero indicator, the Finding will not be raised again unless the object is re-added as a Tier Zero object.
|
|
NOTES:
-
Only certified Tier Zero objects can be dismissed. If a Tier Zero object is not certified, the Dismiss option will be disabled. However, you can dismiss a Tier Zero Finding as part of the certification process.
-
When you dismiss a Finding, the Finding Status is changed from Active to Inactive and can be viewed when the Findings list is filtered by Status = Inactive. |
To dismiss a Finding after investigation:
From the Investigate Finding page, click Dismiss Finding.
You will be prompted to confirm the dismissal. For an Indicator of Exposure or Compromise, the confirmation dialog also includes a check box that allows you to mute the Finding at the same time.
To dismiss one or more Findings from the Findings list:
-
Select the Finding(s) you want to dismiss.
-
Click the Dismiss button.
|
|
NOTE: If your selection contains only indicators of Exposure or Compromise, you will also have the option to mute the Finding(s). If the selection includes Tier Zero Findings, the option to mute will be unavailable. Any uncertified Tier Zero objects in the selection will not be dismissed. |
Viewing Finding History
You can view the history of all actions associated with a Finding from the Findings list or the Findings Investigation page.
|
|
NOTE: Once a Finding is dismissed, history will no longer be recorded, although it still can be viewed. If a new Finding is raised for the same indicator, a new history for the Finding will be created. |
To view a Finding's history from the Findings list:
-
Select the Finding whose history you want to view.
-
Click the View History button.
|
|
NOTE: If more than one Finding in the list is selected, the button will be disabled. |
To view a Finding's history from the Findings Investigation page:
Click the View History button.
For each action associated with the Finding (listed from newest to oldest), the following information displays:
-
Date
|
|
NOTE: This field displays the signed-in user's local date and time. |
-
Action
-
Source
-
Actor
For a Tier Zero [object] Detected indicator, the history will include:
For an Indicator of Exposure or Indicator of Compromise, the history will include:
- when an exposed or compromised object was detected and whether the source was Assessments or On Demand Audit.
- when the Finding was created by Security Guardian.
- when any objects within the Finding were muted/unmuted.
- for an unprotected Tier Zero object Finding, when the object was protected (if applicable).
Security Settings
From the Security Guardian Settings page you can:
