Sometimes, Security for Confluence will find false positives, credentials which have already been revoked, etc. If this happens, you can review the finding. This marks the finding, as well as any other findings which exactly match it, as reviewed in the current and future scans.
Reviewing a finding from the Scan Report
Click the Mark reviewed button on the finding you want to review. This opens a confirmation window.
Marking a finding as reviewed saves the exact string captured by the rule (in this case,
xoxo-523423-234243-234233-e039d02840a0b9379c). That exact string will be marked as reviewed for all existing and future scans.
After the finding is marked as reviewed, all other findings of that exact string will disappear from the Scan Report. In this example, since there were two findings matching the reviewed text, both of them have disappeared.
Reviewed findings can be shown again with the Show reviewed toggle, where they can be unmarked.
Note that reviewed findings are scoped to a space – identical findings across multiple spaces must be reviewed separately.
Auditing who reviewed findings
When a finding is reviewed, or un-reviewed, an audit log event is generated. This audit event includes who marked the finding as reviewed, what rule generated the finding, and a link to the scan report for viewing what exactly was reviewed. For more information, see Viewing Audited Events.