Findings Management
Discover, prioritize, and remediate security findings across your entire infrastructure. Axura helps you understand the risk and fix issues faster.
What are Findings?
Findings are security issues, misconfigurations, or compliance gaps discovered during Axura's scanning process. Each finding includes context about the risk, affected resources, and recommended remediation steps.
Severity Levels
| Severity | Description | SLA | Example |
|---|---|---|---|
| Critical | Immediate security risk, potential data breach | 24 hours | Public S3 bucket with sensitive data |
| High | Significant security gap, compliance failure | 7 days | IAM user without MFA |
| Medium | Moderate risk, should be addressed | 30 days | Outdated SSL/TLS version |
| Low | Minor issue, best practice recommendation | 90 days | Missing resource tags |
Finding Lifecycle
OPEN → IN_PROGRESS → RESOLVED → VERIFIED
OPEN
└─ Finding discovered during scan
└─ Awaiting remediation
IN_PROGRESS
└─ Assigned to team member
└─ Remediation work started
RESOLVED
└─ Fix applied
└─ Awaiting verification scan
VERIFIED
└─ Confirmed fixed in next scan
└─ Closed permanently
Special States:
RISK_ACCEPTED → Accepted with justification
FALSE_POSITIVE → Marked as not applicableFinding Details
Each finding provides comprehensive information for remediation:
Resource Information
Exact resource affected (ARN, resource ID, location)
Risk Context
Why this matters and potential impact if exploited
Compliance Mapping
Which framework controls are affected
Remediation Steps
Step-by-step instructions to fix the issue
Remediation Scripts
Ready-to-use CLI commands or IaC snippets
Evidence
Screenshots and configurations showing the issue
Filtering & Search
Find relevant findings quickly with powerful filters:
- Severity - Filter by Critical, High, Medium, Low
- Status - Open, In Progress, Resolved, Risk Accepted
- Integration - AWS, GCP, GitHub, etc.
- Framework - SOC 2, ISO 27001, HIPAA controls
- Resource Type - S3, IAM, EC2, RDS, etc.
- Assignee - Findings assigned to specific team members
- Age - How long the finding has been open
Bulk Operations
Manage multiple findings efficiently:
- Bulk Assign - Assign multiple findings to a team member
- Bulk Accept Risk - Accept risk for similar low-priority items
- Bulk Export - Export findings to CSV or PDF for reporting
- Create Jira Tickets - Generate Jira tickets for selected findings
⚠️ Risk Acceptance
When accepting risk, you must provide a justification. Risk acceptances are logged in the audit trail and must be reviewed periodically.
Deduplication
Axura intelligently deduplicates findings to reduce noise:
- Same issue across multiple resources → Grouped together
- Recurring issues from subsequent scans → Tracked as single finding
- Related findings → Linked for context
Reporting
Generate finding reports for stakeholders:
- Executive Summary - High-level risk overview for leadership
- Technical Report - Detailed findings with remediation steps
- Compliance Report - Findings mapped to framework controls
- Trend Analysis - Finding trends over time