Skip to main content

Managing Findings

Track, prioritize, and act on audit findings with CloudArq's flexible status management system. Stay on top of remediation work.

Finding Statuses

Each finding can have one of eight statuses that track its progress from discovery to resolution:

Open

The finding was detected and not yet actioned. This is the default state for all new findings.

Acknowledged

You've seen the finding and accept it as a valid issue. Use this to mark findings you plan to act on soon.

In Progress

You're actively working on fixing this finding. Ideal for assigning to team members.

Fix Submitted

You've deployed a fix and are waiting for verification. Use this to move findings out of "In Progress" once the change is live.

Verified Fixed

CloudArq (or you manually) verified the fix works. The finding is resolved.

Suppressed

You've intentionally hidden the finding because it's a false positive, not applicable, or an accepted risk. Suppressed findings don't count toward your audit score.

Reopened

A previously closed finding resurfaced during a new scan. This may indicate a regression or incomplete fix.

Closed

The finding was resolved and did not appear in subsequent scans. Closed findings are archived but still visible in history.

Status Workflow

The typical workflow for remediating a finding:

1

Open (Default)

Finding appears in new scan

2

Acknowledged

You review and accept the finding

3

In Progress

Your team starts working on the fix

4

Fix Submitted

Fix is deployed to production

5

Verified Fixed

Verification scan confirms the fix works

Note: You can skip steps or move findings backward if needed. The workflow is flexible based on your process.

Suppressing Findings

When to Suppress

Suppress a finding when:

  • False Positive: The finding is incorrect and your configuration is actually compliant
  • Not Applicable: The finding doesn't apply to your use case or environment
  • Accepted Risk: You've evaluated the risk and decided not to fix it (document this decision)

How to Suppress

  1. 1.Open the finding
  2. 2.Click the "Suppress" button
  3. 3.Select the reason (False Positive, Not Applicable, or Accepted Risk)
  4. 4.Optionally add a note explaining your decision
  5. 5.Confirm suppression

Persistence

Suppressed findings remain suppressed across subsequent scans. If the underlying issue is fixed and the finding no longer appears, it will be automatically marked as Closed.

Marking as Fixed

The Process

  1. 1.Deploy your fix to AWS
  2. 2.Change the finding status to "Fix Submitted"
  3. 3.CloudArq will verify the fix on the next scan

Verification Timeline by Plan

How quickly your fix is verified depends on your plan:

Max Tier

Immediate re-scan of the affected resource

Pro Tier

Verified on the next full scan (within 1 week)

Starter Tier

No automatic verification. Manually close the finding when fixed.

Status Persistence

Your status changes are preserved across scans. This means:

Suppressed findings stay suppressed

Even if the condition still exists, suppressed findings remain hidden until you unsuppress them

In-Progress findings are remembered

If you mark a finding as "In Progress" and it reappears in a new scan, it stays "In Progress"

Acknowledged findings carry forward

Acknowledging a finding marks your team's awareness, persisting across all future scans

If a suppressed or closed finding reappears in a new scan (e.g., configuration was reverted), CloudArq will automatically set it to "Reopened" status to alert you.

Finding History

Access History

  1. 1.Go to the Findings section
  2. 2.Click the "History" tab
  3. 3.View all findings that have been actioned (closed, suppressed, verified fixed, etc.)

What's Shown

The History tab displays:

  • Finding title and resource
  • When it was first detected
  • When it was closed or suppressed
  • Any notes or reasons for suppression

Filter & Export

Filter history by date range, severity, or status. Export as PDF or CSV for reporting and compliance documentation.