Sometimes, Security for Confluence will find false positives, credentials which have already been revoked, etc. If this happens, you can mark the finding as reviewed. This prevents the finding, as well as any other findings which exactly match it, as reviews the current and future scans.
Reviewing a finding from the Security Analysis
Click the Mark reviewed button on the finding you want to review. This opens a confirmation window.
Marking a finding as reviewed saves the exact string captured by the rule (in this case,
AKIAIO5FODNN7EXAMPLE). That exact string will be marked as reviewed for all existing and future scans.
After the finding is marked as reviewed, all other findings of that exact string will disappear from the Security Analysis.
Reviewed findings can be shown again with the Show reviewed toggle, where they can also be unmarked.
Note that reviewed false positives are scoped to a space; that is, identical findings across multiple spaces must be reviewed separately.
Exporting reviewed false positives
Information about reviewed false positives, such as who marked them reviewed and when, may be exported from the Security Analysis by clicking “Export Space” and then “Reviewed False Positives”.
Note that reviewed false positives are stored independently of any findings. In other words, after clicking “Mark Reviewed” on a finding, that text persists and marks all future matching results as reviewed, even if the original finding is deleted.
You can also export reviewed false positives in all your spaces from the Soteri Dashboard.
Auditing who reviewed findings
When a finding is marked or unmarked reviewed, an audit log event is generated. This audit event includes who made the change, what rule generated the finding, and a link to the Security Analysis for viewing what exactly was reviewed. For more information, see Viewing Audited Events.