Security Issue Tracking

Findings are raw scanner output — every individual detection a scan produces, including low-signal noise. Issues are the curated, actionable layer on top: critical and high findings are automatically promoted into issues, duplicates are merged, and your team works off the issue list instead of drowning in raw detections. This separation keeps the audit trail complete while giving security teams a clean queue to act on.

Owners, Admins, and Managers can assign any issue to a specific team member in one click. The assignee gets notified, the issue appears in their personal queue, and ownership is visible across the workspace so no issue sits unclaimed. Reassignment is one click and is recorded in the audit log alongside every other status change.

Yes. Issues can be pushed to Jira as tickets with severity, CVSS, affected asset, and remediation guidance pre-filled. Status changes sync both ways — close the Jira ticket and the FortWatch issue marks resolved; reopen in FortWatch and Jira reflects it. GitHub Issues and webhook-based integrations work the same way, so your developers keep fixing bugs in the tool they already live in.

By default, issues are ordered by severity — critical first, then high, medium, and low — with the most recently discovered issues surfacing inside each bucket. You can re-sort by asset, assignee, status, or SLA deadline. Info-severity findings are hidden unless you explicitly opt in, so noise never pushes real work below the fold.

Yes. Every issue inherits a severity-based SLA: critical 24 hours, high 7 days, medium 30 days, low 90 days. The countdown starts when the issue is created, pauses while dismissed, and resumes on reopen. Breached SLAs are flagged visually and exportable for compliance reporting, so remediation velocity is measurable instead of assumed.

Open the issue, choose Dismiss, pick a reason (accepted risk, false positive, won't fix, duplicate), and add a short note. The issue leaves the active queue but stays in the audit log with the dismissing user, reason, and timestamp. If the same vulnerability resurfaces on a future scan, FortWatch flags the prior dismissal so you can reconfirm the decision rather than silently re-dismiss.

Deduplication runs on the fingerprint of the vulnerability — CVE, affected asset, port, and path — so the same finding across repeated scans doesn't generate a new issue each time. When a duplicate is detected, the existing issue's last-seen timestamp updates and the scan count increments, keeping your queue clean without losing the evidence trail.

FortWatch verifies fixes on the next scan of the affected asset. If the vulnerability is no longer detected, the issue is marked Fixed and the SLA closes. If a previously fixed issue resurfaces in a later scan, it automatically reopens with a note linking to the prior resolution, so regressions are caught instead of quietly re-appearing as new findings.