Actions with issues
Each issue allows some actions to be taken. An issue can be sent for remediation by assigning it to one or more remediation projects. An issue can also be excluded for cases when a detected issue does not apply to an IT infrastructure or for cases where according to your existing technical policy the risk of an incident is considered acceptable. Both remediation projects and issue exceptions can be applied globally or for a limited set of assets by defining a set of labels to which projects and exclusions apply.
Excluding an issue
From the issue action menu, you can add an exclusion for an issue if the issue is not applicable or seems not reasonable.
Issues that have been excluded for all assets they were found on do not appear in the default list view of issues. You need to include those issues explicitly to look at those issues. You can leverage the "include" filter option.
Excluded issues are disregarded when calculating health scores for an asset or organization. Excluding an issue will therefore raise the health score.
Assigning an issue to a remediation project
High-priority issues should always be addressed. Where to draw the line is difficult to say and can vary between organizations. Assigning an issue to a remediation project does not necessarily mean that the issue will be remediated. The first step can be to do the due diligence on detected issues and move issues to a project to identify and decide on how to tackle a high-priority or impactful issue. The due diligence could lead to the decision to exclude an issue or adjust the configuration setting in Nanitor.
From the issue list, select one or more issues you want to move to a remediation project and select the ASSIGN PROJECT option from the menu on the top right of the issue list.
An issue can be assigned to one or more projects. The project(s) an issue has been assigned to are indicated in the project column of the issue list.
Additionally, the issue list can be filtered on projects, either to find issues assigned to specific projects or issues that have not been assigned to any project. Issues in the P0 or P1 categories should always be addressed by assigning them to a project in a timely manner (within 30 days) to reduce the risk of an exploit.