Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Incident Remediation States for IaaS Services

Skyhigh CASB allows you to automatically remediate all incidents that are triggered when a Cloud Service Provider's Configuration policy is violated. 

These are the following states of the incidents along with their description:

  • Archived. An incident is marked Archived if the incident is no longer valid. This could happen if the entity that triggered the violation (such as a user) is deleted from the Service Provider.
  • Escalated. An incident is marked escalated when it is moved to the next level of review. 
  • False Positive. When an incident is manually changed to False Positive status, it won't change back even when a new scan finds a violation for it.
  • New. When an incident is found for the first time in a scan, it is marked as a new incident.
  • Open. An incident is marked opened when it is resolved on the dashboard but found again in the scan.
  • Pending. An incident is marked pending when it is pending review. 
  • Resolved. Incidents are marked Resolved if the configuration that caused the incident is resolved by a member of your team.
  • Suppressed: When an incident is manually changed to Suppressed status, it won't change back even when a new scan finds a violation for it.

NOTE: Suppressed is not listed in the UI, but you can search for it in the Omnibar.

  • Suspended. The incident has been suspended.  
  • Under Investigation. An incident is marked Under Investigation when it is being actively reviewed. 
  • Viewed. An incident is marked Viewed when it has been viewed for review, but not otherwise categorized. 

Skyhigh CASB scans once in every 24 hours, so incidents are updated every 24 hours.