Finding Triage & Evidence Review

Core fields

  • Title: short description of the issue.
  • Severity: risk level assigned by policy.
  • Evidence: file location, context, and trace (when available).
  • Confidence: how strongly the system believes the finding is valid.

Triage workflow

  1. Confirm ownership and assign to the responsible team.
  2. Validate evidence in code.
  3. Decide on remediation, mitigation, or exception.
  4. Track status changes for audit visibility.

Feedback and voting

  • Feedback: mark findings accurate or false positive to improve future precision.
  • Proposal voting (Policy tab): review and vote on rule proposals when your tenant participates.
  • Guardrails: proposals require multi-reviewer consensus and tenant approvals before promotion.

Tenant-local promotion (optional)

  • You can promote an intel-derived proposal locally to your tenant without affecting global rules.
  • Local promotion is tenant-only until global approval; the UI will show this status.
  • Each local promotion can include a note that is recorded for audit and community review.

Severity guidance

  • Critical/High: prioritize and remediate immediately.
  • Medium: remediate within the standard SLA.
  • Low: address during regular maintenance windows.

Best practices

  • Verify evidence in code before applying a fix.
  • Use policy bundles to tune noise levels.
  • Record exceptions with rationale and expiry where appropriate.
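As an added example (not the product's own code or API), the following Python model ties together the four triage steps, the severity guidance, and the best practice of recording exceptions with a rationale and expiry. It enforces that each step can only follow the previous one, writes every status change to an audit trail, derives a due date from the severity tier, and refuses an exception that has no rationale or no future expiry. All names, states, the SLA day counts, and the sample finding are assumptions constructed for illustration; the page names only the tiers and the workflow.

```python
# Added example, not the product's own code: a triage record that enforces the
# workflow (assign -> validate -> decide) and keeps an audit trail of changes.
# Status names, SLA windows and the sample finding are assumptions.
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import List, Optional


class Severity(Enum):
    CRITICAL = "critical"
    HIGH = "high"
    MEDIUM = "medium"
    LOW = "low"


class Status(Enum):
    NEW = "new"
    ASSIGNED = "assigned"
    VALIDATED = "validated"
    FALSE_POSITIVE = "false_positive"  # feedback: finding was not valid
    REMEDIATE = "remediate"
    MITIGATE = "mitigate"
    EXCEPTION = "exception"


# Assumed remediation windows in days (the page only names the tiers).
SLA_DAYS = {Severity.CRITICAL: 1, Severity.HIGH: 1,
            Severity.MEDIUM: 30, Severity.LOW: 90}

# Allowed transitions: each triage step may only follow the previous one.
TRANSITIONS = {
    Status.NEW: {Status.ASSIGNED},
    Status.ASSIGNED: {Status.VALIDATED, Status.FALSE_POSITIVE},
    Status.VALIDATED: {Status.REMEDIATE, Status.MITIGATE, Status.EXCEPTION},
}


@dataclass
class Evidence:
    path: str
    line: int
    context: str
    trace: Optional[str] = None  # data-flow trace, not always available


@dataclass
class AuditEntry:
    at: datetime
    actor: str
    old: Status
    new: Status
    note: str


@dataclass
class Finding:
    title: str
    severity: Severity
    evidence: Evidence
    confidence: float  # 0.0 .. 1.0, the system's belief the finding is valid
    status: Status = Status.NEW
    owner: Optional[str] = None
    due: Optional[datetime] = None
    exception_expiry: Optional[datetime] = None
    audit: List[AuditEntry] = field(default_factory=list)

    def _move(self, actor: str, new: Status, note: str, now: datetime) -> None:
        # Step 4: every status change is recorded before it takes effect.
        if new not in TRANSITIONS.get(self.status, set()):
            raise ValueError(f"cannot go from {self.status.value} to {new.value}")
        self.audit.append(AuditEntry(now, actor, self.status, new, note))
        self.status = new

    def assign(self, actor: str, team: str, now: datetime) -> None:
        # Step 1: confirm ownership.
        self.owner = team
        self._move(actor, Status.ASSIGNED, f"owner={team}", now)

    def validate(self, actor: str, confirmed: bool, note: str, now: datetime) -> None:
        # Step 2: the reviewer must say what was checked in code.
        if not note:
            raise ValueError("validation requires a note on what was checked")
        target = Status.VALIDATED if confirmed else Status.FALSE_POSITIVE
        self._move(actor, target, note, now)

    def decide(self, actor: str, decision: Status, now: datetime,
               rationale: Optional[str] = None,
               expiry_days: Optional[int] = None) -> None:
        # Step 3: remediation or mitigation gets a due date from the SLA tier;
        # an exception needs a rationale and a future expiry.
        if decision is Status.EXCEPTION:
            if not rationale or not expiry_days or expiry_days <= 0:
                raise ValueError("exception needs a rationale and a future expiry")
            self.exception_expiry = now + timedelta(days=expiry_days)
            self._move(actor, decision, f"exception: {rationale}", now)
            return
        self.due = now + timedelta(days=SLA_DAYS[self.severity])
        self._move(actor, decision, rationale or f"due {self.due.date()}", now)


def expired_exceptions(findings: List[Finding], now: datetime) -> List[Finding]:
    """Exceptions whose expiry has passed and that must be re-triaged."""
    return [f for f in findings
            if f.status is Status.EXCEPTION and f.exception_expiry <= now]


def triage_demo() -> Finding:
    """Walk one constructed finding through assign, validate and decide."""
    now = datetime(2024, 1, 15, tzinfo=timezone.utc)
    f = Finding("Hardcoded credential in config loader", Severity.HIGH,
                Evidence("src/config.py", 42, 'password = "<redacted>"'), 0.9)
    f.assign("alice", "platform-team", now)
    f.validate("bob", True, "confirmed literal at src/config.py:42", now)
    f.decide("bob", Status.REMEDIATE, now)
    return f
```

The transition table is what makes the audit trail trustworthy: a decision cannot be recorded without a preceding validation entry, so a reviewer reading the log later can see who checked the evidence and when. The expiry check on exceptions is what turns "record exceptions with expiry" into something enforceable, since expired_exceptions gives the list to re-open at the next review.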