Manage issues in Autobahn Security

Learn how to effectively manage your issues using Autobahn's advanced filters, update issue statuses, and ensure issue tracking.

Autobahn Security intelligently reprioritizes issues discovered via scanning and ingested from other data sources. By focusing on the most critical issues, your security team can optimize their remediation efforts and allocate resources effectively. This enables them to mitigate risks more efficiently, reducing the likelihood of successful attacks.

The issues affecting your assets are displayed on the Issues page. From there you can also access the Issue Details view to learn more about a certain vulnerability and see which assets are affected by it. 

Table of contents

1. Understand issue statuses

2. Filter issues with Autobahn's presets

3. Manually filter and customize the Issues view

    3.1. Show or hide selected columns

    3.2. Filter columns

    3.3. Create your filter presets

4. Update your issue status

5. Assign issues to the user

6. Categorize your issues with tags

1. Understand issue statuses 

Depending on their status and severity, issues affect your organization's Hackability Score. Issues that contribute to the Hackability Score are of Critical, High or Medium severity and have an open status, which means one of:

  • New: An issue that has appeared for the first time after a scan/data fetch.
  • Active: A previously "New" issue has been found again. 
  • Resurfaced: A previously "Remediated" issue has been found again. 

Issues that do not contribute to the organization's Hackability Score are Low severity issues as well as those of Critical, High and Medium severity that have been closed, which means one of:

  • Risk accepted: Applicable when the cost or feasibility of remediation outweighs the potential impact, especially if compensating controls are in place or the risk is minimal. This decision should be formally documented, approved (see the Issue Review feature), and periodically reviewed. You can set a deadline for this decision in the Autobahn platform, and an email reminder will be sent before it is due.
  • Remediated: If the issue has been fixed, a user can mark it as remediated after completing a given Workout. Also, if the issue does not re-appear during a new iteration of the scan of the same target and port, the Autobahn platform will automatically mark this issue as "Remediated".
  • False positive: After investigation, if you conclude that the system incorrectly identified a threat, you can mark an issue as False Positive. These issues do not need remediation.

The New, Active, Resurfaced and Remediated statuses can be applied either by a user's action in the platform (for example, a manual change while fixing a Workout) or by the system (for example, after a re-scan).

The Risk accepted and False positive statuses can only be applied by users manually. 
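
The status transitions described in this section, written out as a small Python model. This is an added illustration, not Autobahn code or an Autobahn API: the function names are hypothetical, the scan history is constructed, and combinations the article does not describe are assumed to keep their status.

```python
OPEN = {"New", "Active", "Resurfaced"}
SCORED_SEVERITIES = {"Critical", "High", "Medium"}


def status_after_rescan(previous, found_again):
    """Status of an issue after a re-scan of the same target and port.

    previous is None for an issue the platform has never seen.
    Only transitions stated in the article are modelled; every other
    combination keeps its status (assumption).
    """
    if previous is None:
        return "New" if found_again else None
    if found_again:
        if previous == "New":
            return "Active"      # previously New, found again
        if previous == "Remediated":
            return "Resurfaced"  # previously Remediated, found again
        return previous
    if previous in OPEN:
        return "Remediated"      # did not re-appear: auto-remediated
    return previous


def contributes_to_score(severity, status):
    """True if the issue counts toward the Hackability Score."""
    return severity in SCORED_SEVERITIES and status in OPEN


def replay(scan_results, status=None):
    """Apply a sequence of re-scan results and return each status."""
    history = []
    for found_again in scan_results:
        status = status_after_rescan(status, found_again)
        history.append(status)
    return history


if __name__ == "__main__":
    # Constructed scan history: found, found, not found, found again.
    for step in replay([True, True, False, True]):
        print(step, contributes_to_score("High", step))
```
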

2. Filter issues with presets

The Issues page is very rich in content and can include hundreds of thousands of issues. That's why we offer various predefined filters that serve as shortcuts to some of the most useful sets of criteria. They're available at the top left corner of the Issues view.

Below is a detailed explanation of the filtering criteria under each preset:

  • Relevant:
    • Issue status: New, Active and Resurfaced (so open issues)
    • Severity: Critical and High 
    • Time span: last 3 months
  • Overdue threats:
    • Issues open (New, Active, Resurfaced) for more than 7 days 
    • Severity: Critical and High
    • Time span: last 3 months
  • Unassigned threats:
    • Issue status: New, Active and Resurfaced 
    • Severity: Critical and High
    • Time span: last 3 months
    • Issues (and therefore Workouts) have no assignees
  • My issues:
    • Issue status: New, Active and Resurfaced 
    • Severity: Critical, High and Medium
    • Time span: last 3 months
    • Issues that are assigned to you
  • Recently closed issues:
    • Issue status: Remediated, Risk accepted and False positive 
    • Severity: Critical, High and Medium
    • Time span: last 3 months
  • Risk accepted:
    • Issue status: Risk accepted

3. Manually filter and customize the Issues view

Apart from the predefined filters, you can manually customize the Issues page and save the filter you created. Start by expanding the Setup filters & columns view.

This section is divided into three categories: Time-related filters, Asset properties columns, and additional columns/filters. 

3.1. Show or hide selected columns 

Some columns such as Status, Issue title, Asset title, First detected, Last detected, and Last updated are mandatory and can’t be hidden. 

To show or hide a column in the Issues table, simply toggle it on or off. Don't forget to click the "Apply" button afterwards.

3.2. Filter columns

All columns can be filtered if more detailed information is needed. Some filters provide a dropdown menu with multiple options (e.g. Custom dashboard, Issue assignee), sometimes with multiple selections possible. Some are more specific and will open additional components (e.g. the time span opens a calendar view to specify the start and end date). Finally, there are filters marked with the 1 icon: they allow you to enter text and use advanced search with "AND" / "OR". Check this article for more detailed information.

3.3. Create your filter presets

To save time, you can create your filter presets by clicking the Save set up button. Please note that the preset will be saved for you and won't be available for any other users. 

4. Update issue status

After reviewing the issues, you may want to change their status. To do that, simply select one or more issues by marking the checkbox. Then open the Mark issue as dropdown menu and select the desired option.

The view will reload and the selected issues will be updated.

If your organization has the Issue Review feature enabled, marking issues as "False positive", "Remediated", or "Risk accepted" will open the "Request issue status change" drawer, where a reason for the decision should be specified.

Also, the "Risk accepted" status will trigger a popup where a deadline can be set so that you can review your decision after a certain amount of time. After this date, the issue will be automatically reopened. The deadline can be edited later.

5. Assign issues to the user

Assigning issues to the responsible person gives them visibility over the issues and also assigns the relevant Workouts to them so that they can fix the vulnerabilities. After selecting the issue, choose the Edit assignee option and manage assignees in the drawer by adding or removing users.

Click the Apply button to save changes.

6. Categorize your issues with tags

It is good practice to tag issues so you can manage them more efficiently. In some cases (e.g. Microsoft Defender for Endpoint) the issue tags will be fetched automatically. In other cases, the tags need to be specified manually. Some useful tags include:

  • Location
  • Team
  • OS
  • Network
  • Services hosted

To tag an issue, select a row in the Issues view, click the Edit tag button, and add or remove existing tags in the dropdown. You can also create new tags by typing them in the text field.

Don't forget to save your changes by clicking the Apply button.