Welcome to Support Portal

This functionality is being shown in Preview mode. It is not yet available to customers.

TABLE OF CONTENTS

• Overview
• Access the Issues screen
• Change how the list of issues is displayed
  • Grouping
  • Searching
  • Filtering
  • Sorting
• Take action on an issue!
  • Open a Jira ticket
  • Fix an issue with a vShield

Overview

The Issues UI screen shows the security issues in your environment. Security issues are defined as potentially dangerous combinations of risks:

• Vulnerabilities: security flaws, glitches, or weaknesses found in software code that could be exploited by an attacker
• Sensitive data: exposed tokens, keys, credentials, or other types of sensitive data
• Misconfigurations: infrastructure misconfigurations that breach compliance or best practices
• Incidents

This screen allows you to:

• Filter, sort, and group the list of issues in many ways
• Open a Jira ticket on any issue
• Export the list

Access the Issues screen

Select the Aqua Hub module from the mega menu.

Select Issues from the left-side menu.

You will see a screen like this:

Change how the list of issues is displayed

The Issues screen provides several options to let you control how the list of issues is displayed.

Grouping

The list of issues can grouped by either of the following attributes:

• Policies, which you can create in the Aqua Hub Explore screen
• Cloud resource

The list can also be ungrouped; each issue will appear on its own row in the table.

By default, groups appear collapsed, i.e., the items in the group are not shown. To expand a collapsed group, click the down arrow near the group name:

Note: Only one group can be expanded at any given time.

Searching

You can use the Search field to enter any text string. The list of issues will show only those whose policy or resource name contains the string you have entered. For example; note the Load 20 More control, which will appear if the list does not include all issues meeting the display options.

Filtering

The Issues screen includes the following filtering controls. All controls except for resource type allow multiple selection:

• Severity: critical, high, medium, low
• Status: open, in progress (a Jira ticket has been opened), mitigated (e.g., with a vShield), or resolved
• Risks: incident, malware, misconfiguration, vulnerability, sensitive data
• Resource type, grouped by category:
  • Compute: VM, container, function (serverless)
  • Cloud storage: S3 bucket
  • Kubernetes resource: cluster
  • Supply Chain: repository, artifact, CI pipeline, container image
• Origin: AWS, Azure, Azure Server, Bitbucket, Bitbucket Server, Docker, GCP, GitHub, GitHub Server, GitLab, GitLab Server

Sorting

When the list of issues is grouped, the groups can be sorted by either of these criteria:

• Grouped by policy: severity, number of issues, policy name
• Grouped by resource: origin, resource name, total issues

Take action on an issue!

You can open (create) one or more Jira tickets for any issue.

Certain issues can also be fixed with a vShield (Vulnerability Shield) to protect your environment from related vulnerabilities during runtime.

Both of these are considered actions. The Issues screen displays:

• If the display is grouped: the percentage of issues within the group for which an action has been taken
• For each individual issue, whether a ticket and/or a vShield has been created

For example, in the following screenshot: the issues are grouped by policy, and we can see the action status for both groups shown:

• 100% of the total issues (1) in the policy "Malware found in running VMs" are covered by an action. Since this group has been expanded, we a Jira ticket has been opened for the VM whose name is "ip-172-31-94-141.ec2.internal".
• The group "VMs with vulnerabilities that have remote exploits in the wild" includes 2 issues. Although this group has not been expanded, we can see that neither issue has been covered with an action (With Action = 0%).

The UI will show the number of tickets that have been opened for each issue. In the following screenshot:

• The VM named "ip-172-31-94-141.ec2.internal" has 2 total issues; 50% are covered by an action.
• The first resource listed, which is of medium severity, is not covered.
• The second resource, of critical severity, is covered by 3 Jira tickets.

Open a Jira ticket

You need to have configured one or more Jira system integrations to open a Jira ticket.

1. Click the Actions drop-down list to the right of the issue of interest, and select Open Ticket:
   
   
   
2. In the panel that appears, select the desired Jira system integration, and click Open Ticket:
   
    

You can also open a ticket on more than one issue simultaneously. Select the tickets of interest, and use any action menu in the matter described above. For example:

Fix an issue with a vShield

This process is very similar to opening a Jira ticket.

Not all issues can be fixed with vShields. If "Fix with vShield" is greyed out in the action menu (see step 1 below), this action is not available.

1. Click the Actions drop-down list to the right of the issue of interest, and select Fix with vShield.
   
   
   
2. In the panel that appears, ... 
3. As with opening Jira tickets, you can take action to fix more than one issue simultaneously.