A finding can have one of two states: `Active` or `Inactive`.
When a finding is first created, the built-in detection services set the `state` property of the finding to `Active`. Generally, you can consider `Active` to mean that the underlying security issue still exists; however, as explained later in this section, that is not always the case.
The state of a finding can become `Inactive` if certain detection services detect that the security issue was remediated or that the affected resource was deleted. You can also manually change the state to `Inactive`. Generally, you can consider `Inactive` to mean that the underlying security issue no longer exists; however, as explained later in this section, that is not always the case.
At any point in time, the `state` of a finding might not reflect the current state of the detected security issue. The following list shows some of the reasons a mismatch might occur:
- Some detection services do not update their findings automatically after the detected issue is remediated.
- The state of a threat finding is never changed automatically.
- For the detection services that do update their findings automatically, there is usually a delay before the remediation is detected and the finding is updated.
- The state of a finding might be changed manually to a state that does not match the state of the detected issue.
Only the following vulnerability and misconfiguration detection services automatically change the state of a finding from `Active` to `Inactive` upon detecting that the corresponding issue is remediated:
- Security Health Analytics
- VM Manager
For information about manually changing the state of a finding in the Google Cloud console, see Changing the state of a finding.
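The following is an added example, not part of the original page: a small Python triage that applies the rules above to exported findings and labels how far each `state` value can be relied on. It assumes each record carries the Finding resource's `name`, `state`, `findingClass` and `parentDisplayName` fields; the label strings and sample records are constructed for illustration.

```python
import json

# Per the page: only these vulnerability/misconfiguration services move a
# finding from Active to Inactive after detecting remediation.
AUTO_RESOLVING_SERVICES = {"Security Health Analytics", "VM Manager"}
AUTO_RESOLVING_CLASSES = {"VULNERABILITY", "MISCONFIGURATION"}


def state_caveat(finding):
    """Return a label (constructed for this example) for how to treat `state`."""
    state = finding.get("state")
    auto = (finding.get("parentDisplayName") in AUTO_RESOLVING_SERVICES
            and finding.get("findingClass") in AUTO_RESOLVING_CLASSES)
    if state == "INACTIVE":
        # May have been set by hand, so the issue could still exist.
        return "verify-inactive"
    if state == "ACTIVE" and auto:
        # Updated automatically, but only after a detection delay.
        return "may-lag"
    if state == "ACTIVE":
        # Threat findings and other services: not updated on remediation,
        # so verify the issue and change the state manually.
        return "manual-review"
    return "unknown-state"


def triage(findings):
    """Group finding names by caveat label."""
    report = {}
    for f in findings:
        report.setdefault(state_caveat(f), []).append(f.get("name"))
    return report


# Constructed sample records (placeholder names, not real findings).
SAMPLE = json.loads("""[
  {"name": "findings/sha-1", "state": "ACTIVE",
   "findingClass": "MISCONFIGURATION", "parentDisplayName": "Security Health Analytics"},
  {"name": "findings/vmm-1", "state": "INACTIVE",
   "findingClass": "VULNERABILITY", "parentDisplayName": "VM Manager"},
  {"name": "findings/etd-1", "state": "ACTIVE",
   "findingClass": "THREAT", "parentDisplayName": "Event Threat Detection"},
  {"name": "findings/wss-1", "state": "ACTIVE",
   "findingClass": "VULNERABILITY", "parentDisplayName": "Web Security Scanner"}
]""")

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```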