Incident Remediation States for IaaS Services
Skyhigh CASB allows you to automatically remediate all incidents that are triggered when a Cloud Service Provider's Configuration policy is violated.
These are the following states of the incidents along with their description:
- Archived. An incident is marked Archived if the incident is no longer valid. This could happen if the entity that triggered the violation (such as a user) is deleted from the Service Provider.
- Escalated. An incident is marked escalated when it is moved to the next level of review.
- False Positive. When an incident is manually changed to False Positive status, it won't change back even when a new scan finds a violation for it.
- New. When an incident is found for the first time in a scan, it is marked as a new incident.
- Open. An incident is marked opened when it is resolved on the dashboard but found again in the scan.
- Pending. An incident is marked pending when it is pending review.
- Resolved. Incidents are marked Resolved if the configuration that caused the incident is resolved by a member of your team.
- Suppressed: When an incident is manually changed to Suppressed status, it won't change back even when a new scan finds a violation for it.
NOTE: Suppressed is not listed in the UI, but you can search for it in the Omnibar.
- Suspended. The incident has been suspended.
- Under Investigation. An incident is marked Under Investigation when it is being actively reviewed.
- Viewed. An incident is marked Viewed when it has been viewed for review, but not otherwise categorized.
Skyhigh CASB scans once in every 24 hours, so incidents are updated every 24 hours.