%201.png){kind=logo}
Scan Results
Overview
Administrators can distinguish between true positives and false positives for discovered sensitive information and choose the final results to be reflected in the inventory.
Administrator > Discovery > Discovery Management > Scan Results
On the Scan Results page, administrators assess whether the discovered sensitive information is a false positive. They can either select "Accept" to confirm the information (and apply the sensitive item tag to the detected target in the inventory) or "Mark as False Positive" to record the target as a false positive.
Handling the Status of Discovered Sensitive Information
When sensitive information is initially discovered, its status is set to "Presumed." The administrator must then determine whether it is accurate or not by selecting "Accept" or "Mark as False Positive." Only the items marked as "Accepted" are reflected in the inventory.
If previously discovered sensitive information is not found in subsequent job runs, its status changes to "Not Found." The administrator must then verify whether this absence is due to the actual deletion of the sensitive information or an error and update the status accordingly.
Status Bar
The status bar provides daily statistics on job statuses.
Job Running Status
Total: The total number of jobs executed from 00:00 to 23:59:59.
Failed: The number of jobs that failed during the same period.
Aborted: The number of jobs that were aborted by the user during the same period.
Job Type
Scheduled: The number of jobs executed as per a schedule between 00:00 and 23:59:59.
Manual: The number of jobs manually executed during the same period.
Sensitive Items
Total: The total number of sensitive information items discovered from 00:00 to 23:59:59.
Result Status
Presumed: The number of newly discovered sensitive information items during the same period.
Accepted: The number of sensitive information items marked as "Accepted" by the user.
False Positive: The number of sensitive information items marked as "False Positive" by the user.
Reviewing and Managing Discovered Sensitive Information
The path where sensitive information is located and the related compliance information can be viewed in the list.
Export: The list can be exported in JSON format. If encryption is enforced in the QueryPie settings, a password must be entered for the ZIP file.
Changes Detected: If changes occur during the job (such as new sensitive information being discovered or existing sensitive information not being found), a "Changes Detected" indicator will be displayed.
Verify: Where administrators can review the discovered sensitive information and choose to "Accept" or "Mark as False Positive."
Discovered sensitive information can be marked as "Accept," "Mark as False Positive," or "Presume."
Accept: Choose this option if the sensitive information is correctly identified at the specified location.
Mark as False Positive: Choose this option if the sensitive information was incorrectly detected.
Presume: Select this to revert a previously "Accepted" or "False Positive" item back to its initial "Presumed" status.
Accept All: Apply "Accept" to all discovered items at once.
Mark as False Positives: Apply "Mark as False Positive" to all discovered items at once.
Presume All: Set all discovered items to "Presume" status.
If sensitive information that should be present at a location was not detected, users can manually assign a tag. This manual tagging is final and will be reflected in the inventory.
By clicking on a specific row in the list of discovered sensitive information, a detailed view is available, including five sample data points.
Detection Profiles: Lists the names of the detection profiles used in the discovery process.
Sensitive Item Samples: Displays five samples of the discovered sensitive information. If the same item is detected across multiple detection profiles, it may appear multiple times.
Changes of Detected Sensitive Item and Status
Former Status: Displays the results from the most recent job review.
Updated Status: Shows the current status after changes.
Updated By: Indicates who made the changes.
Updated At: Displays the timestamp of the changes.