# Issues

Issues page provides a list of identified issues in the selected scan, sorted by severity.

<figure><img src="/files/SywE1Avqu4PcDhgSizf3" alt=""><figcaption><p>Issues</p></figcaption></figure>

The issues table provides the following functionalities.

**Sort**: Issues can be sorted by `Status`, `Name`, `Ease of Mitigation`, `Severity`, `Exploitation Certainty`, `Exploitation Privilege`, and `Affected Objects` columns.

**Search**: Issues can be searched and filtered by `Name` column using the `Search input` on the upper-right side.

**Export**: Issues can be exported as CSV using the `Export button` on the upper-right side.

**Limit and Pagination**: Issue table limit can be defined with input on the bottom-right side. Result pages can be navigated through a widget at the bottom.

<figure><img src="/files/qmLsiE2GcrmiCYYe2nyD" alt=""><figcaption><p>Actions</p></figcaption></figure>

**Download PDF Report**: Issues can be exported as PDF separately using the `Download PDF Report` button on the right side of each row.

**Create Jira Ticket**: Issues can be imported to Jira as separate tickets using the `Create Jira Ticket` button on the right side of each row. But first, you need to integrate FSProtect with cloud or on-prem Jira instance through API. You can visit [`Integration > Jira`](/fsprotect/integrations/jira.md) to learn how to integrate FSProtect with Jira.

**Change Status:** The actions taken regarding the vulnerabilities found are changed in this section. Actions that can be taken: `No Action`, `In Progress`, `Done` and `Accepted Risk`. Column is turned off by default. Status filter shows vulnerabilities with no action and in progress selected by default. Vulnerabilities selected as `Done` or `Accepted Risk` will be hidden on issues table unless filter manually enabled.

<figure><img src="/files/2GzvDmuANNBFSEUR2cp4" alt="Change Issue Status"><figcaption><p>Change Issue Status</p></figcaption></figure>

### Columns

<figure><img src="/files/mWLbVjNxtIvihT3bEwr8" alt=""><figcaption><p>list of columns</p></figcaption></figure>

**FSID:** Unique identifier of the issue within the system.

**Platform:** Indicates the platform or technology related to the issue.

**Status:** Shows the current status of the issue (e.g. open, resolved).

**Name:** The name and short description of the detected issue.

**Tags:** Additional labels used to categorize or group issues.

**Ease of Mitigation:** Indicates how easily the issue can be mitigated.

**MITRE ATT\&CK® Tactics:** Shows the MITRE ATT\&CK tactics associated with the issue.

**Severity:** Indicates the risk level of the issue (e.g. Critical, High).

**Exploitation Certainty:** Shows how likely the issue can be exploited.

**Exploitation Privilege:** Indicates the privilege level required to exploit the issue.

**Affected Objects:** Shows the number of objects impacted by the issue.

**Comment:** Displays comments added to the issue.

**Jira Ticket:** Shows the Jira ticket associated with the issue, if available.

### Column-Based Filtering

The Issue List supports **column-based filtering**, allowing users to filter issues directly by specific column values.\
This enables faster analysis by narrowing down results based on attributes such as severity, MITRE ATT\&CK® tactics, or affected objects.

***

### Affected Objects Filter

The **Affected Objects** filter allows users to filter issues based on the **number of impacted objects**.\
By applying this filter, only issues affecting the specified number of objects or range are displayed, helping prioritize issues with wider impact.

## Issue Details

Issue Details page provides all information and metrics about the identified Issue.

<figure><img src="/files/wXUeiPBlifzJseIIBKn2" alt=""><figcaption><p>Issue Details</p></figcaption></figure>

The first pane contains `Issue Name` , `Tags`, `Global Custom Tags`, `Custom Tags`, and `Exposure Point`.

**Tags:** When adding custom tags, you can choose between two options:&#x20;

`Global Custom Tag` or `Scan Specific Custom Tag`.

&#x20;A `Global Custom Tag` will show up on the same issue in future scans, while a `Scan Specific Custom Tag` will only appear on issues related to a specific scan.

<figure><img src="/files/GVAP8mma8wX6gztVspPl" alt=""><figcaption><p>Add Issue Tag</p></figcaption></figure>

The `Information` pane contains 4 tabs; `Details`, `Identification`, `Mitigation`, and `Detection`. Also, there is a summary pane on the right side that shows different metrics about the issue. The issue can be exported as PDF with the `Download as PDF` button on the upper-right side of this pane.

Details tab contains `Description`, `Impact` and `References`.

**Exposure Point**: vulnerabilities are assessed based on their risk level. A higher Exposure Point indicates a more critical security flaw, while a lower Exposure Point represents a less risky vulnerability.

**Description**: Description contains detailed information about the root cause of the issue and how to exploit it. Also, explanations about related technologies, services, protocols, and inventory types reside here.

**Impact**: Impact explains, how attackers can exploit this issue and what is the effect of this process on Active Directory.

**References**: References contain multiple articles and blog posts for further reading about this issue.

### Identification

Identification tab contains a detailed step-by-step walkthrough about how to identify and verify this issue manually. This walkthrough contains screenshots, manuals, and Powershell or Batch scripts to automatize the identification process. With this roadmap, analysts can manually identify and verify the issue for eliminating false positives.

<figure><img src="/files/orCPQPEPpC0G8mlXiFkT" alt=""><figcaption><p>Identification</p></figcaption></figure>

### Mitigation

Mitigation tab also contains a detailed step-by-step walkthrough about how to mitigate/remediate issues or implement a workaround with minimum effort. This walkthrough contains manuals and Powershell or Batch scripts to automatize the mitigation process. With these manuals, system administrators can easily and safely remediate identified issues.

<figure><img src="/files/dzyQELaZ5KgpFvLNNAg2" alt=""><figcaption><p>Mitigation</p></figcaption></figure>

### Detection

Detection tab contains methods, log sources, and Event Log IDs to detect possible exploitations of this issue. With this information, analysts can speed up their process to create detection rules for SIEM or different security products.

<figure><img src="/files/qZzdPBbSYvaxqLbBNscu" alt=""><figcaption></figcaption></figure>

### Affected Objects

This area can contain multiple tables for each entity type that is affected by this issue. These tables contain affected entities and different issue-related information. These tables also provide `Sort`, `Search`, `Export`, `Limit`, and `Pagination` functions like other tables in the web interface. For further analysis, you can go to the affected object's details page by clicking the `Name`.

<figure><img src="/files/RTLmJqH2FcNOAwyHKPDD" alt=""><figcaption><p>Affected Objects</p></figcaption></figure>

### Row Based Exclusion

Row-Based Exclusions provide the ability to create exclusions for rows, either individually or in bulk, within a selected scan policy. Exclusions are defined based on the exclusion type and relevant criteria. By allowing exclusions to be defined on results, this feature simplifies and accelerates the exclusion definition process. These exclusions can be modified at any time through the policy settings.

<figure><img src="/files/xd5vZ0xXnMmEDmXrXh1y" alt=""><figcaption></figcaption></figure>

### **Summary Pane**

Summary pane on the right-upper side contains `Severity`, `Ease of Mitigation`, `Ease of Detection`, `Ease of Deception`,`Exploitation Privilege`, `Exploitation Certainty` ,`FSProtect Impact Name`, `APT Group Using`, and `MITRE ATT&CK Tactics`.

<figure><img src="/files/kDgbeDuijkOz3UZsQ6Ew" alt=""><figcaption></figcaption></figure>

**APT Group Using**: APT groups that exploit this issue to compromise Active Directory.

**MITRE ATT\&CK Tactics**: MITRE ATT\&CK Tactics related to this issue.

Details about `Severity`, `Ease of Mitigation`, `Ease of Detection`, `Ease of Deception`,`Exploitation Privilege`, `Exploitation Certainty` and `FSProtect Impact Name` metrics can be found on the [Glossary](/fsprotect/readme/glossary/glossary.md).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.forestall.io/fsprotect/issues.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.