Appearance
Finding Detail
The finding detail page provides a complete view of a specific evaluation result, including its current status, linked asset and policy, and the full evaluation history.
Accessing a Finding
Navigate to a finding detail page by:
- Clicking the view (eye) button in the findings list
- Clicking a finding link from the asset detail page
Finding Information
The top section displays the current state of the finding with the following fields:
| Field | Description |
|---|---|
| Asset | The asset this finding applies to. Click to navigate to the asset detail page. |
| Policy | The policy that contains the evaluated ruleset. Click to navigate to the policy detail page. |
| Rule | The ruleset that produced this finding. Click to navigate to the ruleset detail page. |
| Status | The current evaluation result badge: Pass (green), Fail (red), or Error (orange) |
| State | The finding's lifecycle state: Active (currently being tracked) or Resolved |
| Total Evaluations | How many times this finding has been evaluated since creation |
| Last Updated | When the most recent evaluation occurred |
| Last Updated By | The actor type (System or User) and identifier |
Evaluation History
Below the finding information, the evaluation history shows a chronological timeline of every evaluation performed on this finding.
Timeline View
Each evaluation entry in the timeline displays:
| Element | Description |
|---|---|
| Number | Sequential evaluation number (most recent first) |
| Result | Pass, Fail, or Error badge |
| Date | When this evaluation occurred |
| Actor | System (automatic) or User (manual override) badge |
| Scan Name | The scan that triggered this evaluation (if applicable) |
Expanded Details
Click on any evaluation entry to expand it and view additional details:
- Reason: An explanation of why the check produced this result. For failing checks, this typically describes what was expected versus what was found.
INFO
The evaluation history provides a complete audit trail. Auditors can trace exactly when a finding changed status, what triggered the change, and who was responsible.
Understanding the Timeline
The evaluation history is displayed with the most recent evaluation at the top. Each entry represents a single evaluation run. Common patterns include:
Consistent Pass
A finding that consistently passes indicates a well-configured asset that maintains compliance over time.
Consistent Fail
A finding that consistently fails indicates a persistent configuration issue that has not been remediated. Investigate the failing ruleset's requirements and the asset's inventory data.
Pass-to-Fail Transition
A finding that transitions from Pass to Fail indicates a regression. This might be caused by:
- A configuration change on the asset
- An update to the ruleset's expected values (e.g., stricter requirements from a feed update)
- Inventory data changes detected by a sensor
Fail-to-Pass Transition
A finding that transitions from Fail to Pass indicates successful remediation. The fix was applied and confirmed by the next evaluation cycle.
Manual Override
An evaluation with a User actor indicates that someone manually set the finding result. This is typically done for:
- Compensating controls that the automated check cannot detect
- Accepted risks with documented justification
- Manual rulesets that require human judgment
Navigation
The breadcrumb at the top of the page shows the navigation path:
- Home > Findings > [Rule Title]
Use the Back button in the top-right corner to return to the previous page.
Related Pages
- View Findings: Browse and filter all findings
- Understanding Findings: Finding concepts and lifecycle
- Evaluate a Policy: How evaluations generate findings
- Understanding Rulesets: The checks that generate findings