Triage Actions in BoostSecurity
Triage actions in BoostSecurity let users manage and classify security findings and violations. A triage action persists for the lifetime of the finding or violation it was applied to; it goes away only when the finding itself is removed, for example because the code was remediated, the scanner that produced the finding was removed, orphaned data was cleaned up, or a similar change occurred.
Each triage action changes how a finding is displayed, reported, or handled within the platform. This document describes the available triage actions and their effect on security assessments.
Available Triage Actions
1. Override
Functionality:
- Allows users to manually adjust the severity and/or confidence level of one or more findings or violations.
- Triggers a reevaluation of policy rules against the overridden severity and confidence values.
- If the reevaluation changes whether the finding is a violation, the violation status is updated accordingly.
Use Case: When a security team wants to reclassify a finding based on internal risk assessment rather than automated classification.
2. Suppress
The Suppress action hides findings or violations from default views and reports. It has three classifications, which differ in why the finding is hidden and for how long:
a. False Positive
Functionality:
- Marks a finding or violation as a False Positive, meaning it is an incorrect detection.
- Removes it from default dashboards and reports.
Use Case: When an issue is misidentified as a security risk and does not pose an actual threat.
b. Won’t Fix
Functionality:
- Marks a finding or violation as Won’t Fix to indicate that it is a legitimate issue that will not be addressed.
- Removes the finding from default views but does not classify it as a false positive.
Use Case: When a vulnerability exists but remediation is deemed unnecessary due to business considerations or acceptable risk.
c. Snooze
Functionality:
- Temporarily hides a finding or violation from default views for a specified period.
- Once the snooze period expires, the finding reappears.
Use Case: When an issue requires review at a later time but is not an immediate priority.
3. Mark as Verified
Functionality:
- Marks a finding as Verified, confirming that it has been reviewed and validated as legitimate.
- Verified findings can be filtered out to prevent redundant triage efforts.
- Allows for bulk actions, such as creating JIRA tickets or performing status checks.
Use Case: When security teams confirm a finding's validity and need to track it separately for further action.
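The behaviour described in the Override, Suppress, and Mark as Verified sections above, as an added example that is not part of the original page and is not BoostSecurity's own code or API: a small Python model in which an Override is re-evaluated by the policy rule, False Positive and Won't Fix hide a finding indefinitely, Snooze hides it until a clock passes the expiry, and Verified findings can be filtered out of an untriaged view. All names here (Finding, override, suppress, snooze, mark_verified, default_view, is_violation, demo) and the sample findings are assumptions made for the illustration.

```python
# Added illustration for this page, NOT BoostSecurity's code or API. Every name
# below and the sample findings are assumptions made for the example.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterable, List, Optional

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
CONFIDENCE_RANK = {"low": 1, "medium": 2, "high": 3}
SUPPRESS_REASONS = {"false_positive", "wont_fix"}

@dataclass
class Finding:
    id: str
    rule: str
    severity: str                 # as reported by the scanner
    confidence: str = "high"      # as reported by the scanner
    # Triage state; persists until the finding itself disappears.
    override_severity: Optional[str] = None
    override_confidence: Optional[str] = None
    suppressed_as: Optional[str] = None      # "false_positive" | "wont_fix"
    snoozed_until: Optional[datetime] = None
    verified: bool = False

    def effective_severity(self) -> str:
        return self.override_severity or self.severity

    def effective_confidence(self) -> str:
        return self.override_confidence or self.confidence

def is_violation(f: Finding, min_severity: str, min_confidence: str = "low") -> bool:
    """Policy rule on the *effective* values, so an Override is re-evaluated
    automatically and may flip the violation status."""
    return (SEVERITY_RANK[f.effective_severity()] >= SEVERITY_RANK[min_severity]
            and CONFIDENCE_RANK[f.effective_confidence()] >= CONFIDENCE_RANK[min_confidence])

def override(f: Finding, severity: Optional[str] = None,
             confidence: Optional[str] = None) -> None:
    """Manually adjust severity and/or confidence; unknown levels are rejected."""
    if severity is not None and severity not in SEVERITY_RANK:
        raise ValueError(f"unknown severity: {severity!r}")
    if confidence is not None and confidence not in CONFIDENCE_RANK:
        raise ValueError(f"unknown confidence: {confidence!r}")
    f.override_severity = severity or f.override_severity
    f.override_confidence = confidence or f.override_confidence

def suppress(f: Finding, reason: str) -> None:
    """False Positive or Won't Fix: hide indefinitely, keeping the reason so
    reports can separate 'not a real issue' from 'real but accepted'."""
    if reason not in SUPPRESS_REASONS:
        raise ValueError(f"unknown suppression reason: {reason!r}")
    f.suppressed_as = reason
    f.snoozed_until = None   # a permanent suppression supersedes a snooze

def snooze(f: Finding, until: datetime, now: datetime) -> None:
    """Hide until `until`; the finding reappears on its own after that."""
    if until.tzinfo is None or until <= now:
        raise ValueError("snooze expiry must be timezone-aware and in the future")
    f.snoozed_until = until

def mark_verified(f: Finding) -> None:
    """A human reviewed the finding and confirmed it is real."""
    f.verified = True

def default_view(findings: Iterable[Finding], now: datetime,
                 include_verified: bool = True) -> List[str]:
    """IDs shown on the default dashboard: suppressed findings and unexpired
    snoozes are dropped; verified ones can be dropped to avoid re-triage."""
    return [
        f.id for f in findings
        if f.suppressed_as is None
        and (f.snoozed_until is None or f.snoozed_until <= now)
        and (include_verified or not f.verified)
    ]

def demo() -> Dict[str, object]:
    """Apply each action to constructed sample findings and report the effects."""
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    sqli = Finding("F-1", "sql-injection", "medium")
    secret = Finding("F-2", "hardcoded-secret", "high")   # scanner false alarm
    dep = Finding("F-3", "outdated-dependency", "medium")  # accepted risk
    debug = Finding("F-4", "debug-mode-enabled", "low")
    xss = Finding("F-5", "reflected-xss", "high")
    findings = [sqli, secret, dep, debug, xss]

    before = is_violation(sqli, min_severity="high")
    override(sqli, severity="critical")            # policy is re-run on the override
    after = is_violation(sqli, min_severity="high")
    suppress(secret, "false_positive")
    suppress(dep, "wont_fix")
    snooze(debug, now + timedelta(days=7), now)    # revisit next week
    mark_verified(xss)
    later = now + timedelta(days=8)                # after the snooze expires
    return {
        "violation_before_override": before,
        "violation_after_override": after,
        "default_view_now": default_view(findings, now),
        "default_view_later": default_view(findings, later),
        "untriaged_later": default_view(findings, later, include_verified=False),
        "wont_fix": [f.id for f in findings if f.suppressed_as == "wont_fix"],
    }
```

Two design points worth noting: the policy rule reads the effective (overridden) values rather than the scanner's originals, which is what makes an Override re-evaluate the violation status without any extra bookkeeping, and the snooze expiry is checked against an explicit timezone-aware clock so the finding reappears deterministically, rather than being mutated by a background job. Suppressing a snoozed finding clears the snooze, since a permanent classification should not be silently undone when the snooze expires.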
Summary Table

| Triage Action | Effect on Finding | Visibility | Use Case |
|---|---|---|---|
| Override | Adjusts severity and/or confidence; policy is re-evaluated and the violation status may change | Visible, with updated status | Reclassify based on internal risk assessment |
| False Positive | Marks the finding as an incorrect detection; hides it from reports and dashboards | Hidden | Incorrect detection |
| Won’t Fix | Marks the finding as legitimate but not to be addressed; hides it from default views | Hidden | Accepted risk or business decision |
| Snooze | Temporarily hides the finding from default views | Hidden until the snooze period expires, then visible again | Delay action until later |
| Mark as Verified | Confirms legitimacy; can be filtered out to avoid re-triage; enables bulk actions such as JIRA ticket creation | Visible, with filtering options | Track verified findings for further action |