Issues

The Issues page lists the issues identified in the selected scan, sorted by severity.

The issues table provides the following functions.

Sort: Issues can be sorted by Name, Severity, Ease of Mitigation, and Affected Objects columns.

Search: Issues can be searched and filtered by Name column using the Search input on the upper-right side.

Export: Issues can be exported as CSV using the Export button on the upper-right side.

Limit and Pagination: The issue table limit can be set with the input on the bottom-right side. Result pages can be navigated with the widget at the bottom.

Download PDF Report: Issues can be exported as PDF separately using the Download PDF Report button on the right side of each row.

Create Jira Ticket: Issues can be imported to Jira as separate tickets using the Create Jira Ticket button on the right side of each row. First, you need to integrate FSProtect with a cloud or on-prem Jira instance through the API. See Integration > Jira to learn how to integrate FSProtect with Jira.

Issue Details

The Issue Details page provides all information and metrics about the identified issue.

The first pane contains Issue Name and Tags.

The Information pane contains four tabs: Details, Identification, Mitigation, and Detection. There is also a summary pane on the right side that shows different metrics about the issue. The issue can be exported as PDF with the Download as PDF button on the upper-right side of this pane.

The Details tab contains Description, Impact, and References.

Description: Description contains detailed information about the root cause of the issue and how to exploit it. Also, explanations about related technologies, services, protocols, and inventory types reside here.

Impact: Impact explains how attackers can exploit this issue and what effect this has on Active Directory.

References: References contain multiple articles and blog posts for further reading about this issue.

Identification

The Identification tab contains a detailed step-by-step walkthrough of how to identify and verify this issue manually. This walkthrough contains screenshots, manuals, and PowerShell or Batch scripts to automate the identification process. With this roadmap, analysts can manually identify and verify the issue to eliminate false positives.

Mitigation

The Mitigation tab also contains a detailed step-by-step walkthrough of how to mitigate or remediate issues, or implement a workaround, with minimum effort. This walkthrough contains manuals and PowerShell or Batch scripts to automate the mitigation process. With these manuals, system administrators can easily and safely remediate identified issues.

Detection

The Detection tab contains methods, log sources, and Event Log IDs to detect possible exploitation of this issue. With this information, analysts can speed up the creation of detection rules for SIEM or other security products.

Affected Objects

This area can contain multiple tables for each entity type that is affected by this issue. These tables contain affected entities and different issue-related information. These tables also provide Sort, Search, Export, Limit, and Pagination functions like other tables in the web interface. For further analysis, you can go to the affected object's details page by clicking the Name.

Summary Pane

The Summary pane on the upper-right side contains Severity, Ease of Mitigation, Ease of Detection, Ease of Deception, FSProtect Impact Name, APT Group Using, and MITRE ATT&CK Tactics.

APT Group Using: APT groups that exploit this issue to compromise Active Directory.

MITRE ATT&CK Tactics: MITRE ATT&CK Tactics related to this issue.

Details about the Severity, Ease of Mitigation, Ease of Detection, Ease of Deception, and FSProtect Impact Name metrics can be found in the Glossary.