Issue Details

You can view the additional details for and further manage any issue within the Issues list.

To view issue details:

  1. Access the Issues page.

  2. In the issues list, click on the issue for which you want to view additional details.

    The issue details panel appears.

Here, you can:

  • In the upper-left corner of the page, view the issue's color coded severity category, as well as the total number of alerts that have been generated as part of this issue.

  • In the upper-right corner of the page, manage the issue in the following ways:

    • Click the button to copy the issue link.

    • Click Contact User to contact the user responsible for the issue.

      You navigate directly to an email window, where you can contact the responsible user.

      1. Click Exclude Evidence.

        The Evidences to exclude panel appears.

        Tip: Use the Search bar to search for a specific piece of evidence to exclude.

      2. Select the check box next to each piece of evidence you want to exclude from the issue.

      3. Click Approve.

        Tenable AI Exposure creates an exclusion for the evidence, and adds it to the Exclusions page.

      1. Do one of the following:

        • To resolve the issue as a true positive, click Resolve Selected.

        • To resolve the issue another way, click the button.

          A menu appears.

          1. Select one of the following options:

            • Resolve as True Positive — Mark the issue(s) as a legitimate vulnerability that has been mitigated.

            • Resolve as Benign Positive — Mark the issue(s) as expected behavior that appears suspicious, but is actually benign.

            • Resolve as False Positive — Mark the issue(s) as alerts that were triggered incorrectly, and are not an actual risk.

        A confirmation dialog appears.

      2. (Optional) In the Add a reason text box, type a brief description of why you're resolving the issue.

      3. Click Save.

The issue details panel also includes the following sections:

The Issue Map is a map-based graphical representation of the issue the areas it affects.

Here, you can visualize how the issue fits into your organization by viewing how the issue connects to your users, the messages they send and the applications they use to send them, their private keys, and more!

Tip: You can click, drag, and zoom in or out on the Issue Map.

The Assets section lists information about the assets affected by the issue.

Tip: In the upper-right corner of the section, click the button to manage which columns appear in the list.

Here, you can view the following information about these assets:

  • Type — An icon that represents the type of asset, for example a user.

  • Name — The name of the asset.

  • Messages / Sessions — The number of individual messages sent as compared to the number of individual sessions created by the asset.

  • Risk Score — Where applicable, color coded user risk score associated with the asset.

  • Topics — Where applicable, the topics discussed in the messages sent between the user and the AI application.

  • Click the button to view additional options:

    • See activity — Click to navigate directly to the Sessions page, where you can view more information about the AI usage related to the asset.

    • See issues — Click to navigate directly to the Issues page, where you can view information about the issues associated with the asset,

    • Contact user via email — Click to contact the user responsible for the issue via email.

      You navigate directly to an email window, where you can contact the responsible user.

Evidence can be defined as a set of artifacts—such as logs, input/output traces, model weights, adversarial examples, or system telemetry—that substantiate the presence, cause, or effect of a security-related anomaly or attack on an AI system. The Evidence section lists information about the available evidence associated with the current issue.

Here, you can view the following information about this evidence:

  • Severity — The color coded severity category associated with the evidence.

  • Evidence — A preview of the evidence.

  • Sent from — Who or what sent the evidence, for example, User.

  • Sub Category — The sub category to which the evidence belongs, for example, Private key.

  • Session ID — The ID of the session during which the evidence was collected.

  • App — The AI application from which the evidence was collected.

  • Repeated — Where applicable, the number of times the evidence appeared in the application.

  • Classification — Select a resolution to classify the evidence:

    1. Click the button to expand the drop-down menu.

    2. Select one of the following options:

      • True Positive — Mark the evidence as a legitimate piece of evidence that has been resolved.

      • Benign Positive — Mark the evidence as expected behavior that appears suspicious, but is actually benign.

      • False Positive — Mark the evidence as an alert that was triggered incorrectly, and is not an actual risk.