mirror of
https://github.com/prowler-cloud/prowler.git
synced 2026-07-04 19:21:51 +00:00
e6fc59267b
Co-authored-by: Pepe Fagoaga <pepe@prowler.com>
120 lines
5.5 KiB
Plaintext
120 lines
5.5 KiB
Plaintext
---
|
|
title: 'Finding Groups'
|
|
description: 'Organize and triage security findings by check to reduce noise and prioritize remediation effectively.'
|
|
---
|
|
|
|
import { VersionBadge } from "/snippets/version-badge.mdx"
|
|
|
|
<VersionBadge version="5.23.0" />
|
|
|
|
Finding Groups transforms security findings triage by grouping them by check instead of displaying a flat list. This dramatically reduces noise and enables faster, more effective prioritization.
|
|
|
|
## Triage Challenges with Flat Finding Lists
|
|
|
|
A real cloud environment produces thousands of findings per scan. A flat list makes it impossible to triage effectively:
|
|
|
|
- **Signal buried in noise**: the same misconfiguration repeated across 200 resources shows up as 200 rows, burying the signal in repetitive data
|
|
- **Prioritization guesswork**: without grouping, understanding which issues affect the most resources requires manual counting and correlation
|
|
- **Tedious muting**: muting a false positive globally requires manually acting on each individual finding across the list
|
|
- **Lost context**: when investigating a single resource, related findings are scattered across the same flat list, making it hard to see the full picture
|
|
|
|
## How Finding Groups Addresses These Challenges
|
|
|
|
Finding Groups addresses these challenges by intelligently grouping findings by check.
|
|
|
|
### Grouped View at a Glance
|
|
|
|
Each row represents a single check title with key information immediately visible:
|
|
|
|
- **Severity** indicator for quick risk assessment
|
|
- **Impacted providers** showing which cloud platforms are affected
|
|
- **X of Y impacted resources** counter displaying how many resources fail this check
|
|
|
|
For example, `Vercel project has the Web Application Firewall enabled` across every affected project collapses to a single row — not one per project. Sort or filter by severity, provider, or status at the group level to triage top-down instead of drowning in per-resource rows.
|
|
|
|

|
|
|
|
### Expanding Groups for Details
|
|
|
|
Expand any group inline to see the failing resources with detailed information:
|
|
|
|
| Column | Description |
|
|
|--------|-------------|
|
|
| **UID** | Unique identifier for the resource |
|
|
| **Service** | The cloud service the resource belongs to |
|
|
| **Region** | Geographic region where the resource is deployed |
|
|
| **Severity** | Risk level of the finding |
|
|
| **Provider** | Cloud provider (AWS, Azure, GCP, Kubernetes, etc.) |
|
|
| **Last Seen** | When the finding was last detected |
|
|
| **Failing For** | Duration the resource has been in a failing state |
|
|
|
|

|
|
|
|
### Resource Detail Drawer
|
|
|
|
Select any resource to open the detail drawer with full finding context:
|
|
|
|
- **Risk**: the security risk associated with this finding
|
|
- **Description**: detailed explanation of what was detected
|
|
- **Status Extended**: additional status information and context
|
|
- **Remediation**: step-by-step guidance to resolve the issue
|
|
- **View in Prowler Hub**: direct link to explore the check in Prowler Hub
|
|
- **Analyze This Finding With Lighthouse AI**: one-click AI-powered analysis for deeper insights
|
|
|
|

|
|
|
|
### Bulk Actions
|
|
|
|
Bulk-mute an entire group instead of chasing duplicates across the list. This is especially useful for:
|
|
|
|
- Known false positives that appear across many resources
|
|
- Findings in development or test environments
|
|
- Accepted risks that have been documented and approved
|
|
|
|
<Warning>
|
|
Muting findings does not resolve underlying security issues. Review each finding carefully before muting to ensure it represents an acceptable risk or has been properly addressed.
|
|
</Warning>
|
|
|
|
## Other Findings for This Resource
|
|
|
|
Inside the resource detail drawer, the **Other Findings For This Resource** tab lists every finding that hits the same resource — passing, failing, and muted — alongside the one currently being reviewed.
|
|
|
|

|
|
|
|
### Why This Matters
|
|
|
|
When reviewing "WAF not enabled" on a Vercel project, the tab immediately shows:
|
|
|
|
- Skew protection status
|
|
- Rate limiting configuration
|
|
- IP blocking settings
|
|
- Custom firewall rules
|
|
- Password protection findings
|
|
|
|
All for that same project, without navigating back to the main list and filtering by resource UID.
|
|
|
|
### Complete Context Within the Drawer
|
|
|
|
Pair the Other Findings tab with:
|
|
|
|
- **Scans tab**: scan history for this resource
|
|
- **Events tab**: changes and events over time
|
|
|
|
This provides full context without leaving the drawer.
|
|
|
|
## Best Practices
|
|
|
|
1. **Start with high severity groups**: focus on critical and high severity groups first for maximum impact.
|
|
2. **Use filters strategically**: filter by provider or status at the group level to narrow the triage scope.
|
|
3. **Leverage bulk mute**: when a finding represents a confirmed false positive, mute the entire group at once.
|
|
4. **Check related findings**: review the Other Findings tab to understand the full security posture of a resource.
|
|
5. **Track failure duration**: use the "Failing For" column to prioritize long-standing issues that may indicate systemic problems.
|
|
|
|
## Getting Started
|
|
|
|
1. Navigate to the **Findings** section in Prowler Cloud/App.
|
|
2. Toggle to the **Grouped View** to see findings organized by check.
|
|
3. Select any group row to expand and see affected resources.
|
|
4. Select a resource to open the detail drawer with full context.
|
|
5. Use the **Other Findings For This Resource** tab to see all findings for that resource.
|