πŸ““Environment Terminology

This page is a guide to the terminology P0 uses for environment scans.

  • Environment - The systems that P0 will analyze; consists of a name, scan frequency, and the targets from which P0 will collect data

  • Detection - A match for a monitor query on a single scan

  • Finding - An evolving history of detections for a single query match, across multiple scans; findings also have a status and you may attach notes to a finding; statuses are:

    • Open - The finding has been detected in the latest scan

    • Ignored - The finding has been manually ignored by an assessment owner

    • Resolved - The finding was not detected in the latest scan

  • Monitor - A query that will run automatically on every scan; it also includes a description, severity, and any suggested remediation actions

  • Scan - A single data collection and analysis run for an environment

  • Target - A single system to be scanned; this is the integration and specification of what to scan; e.g. AWS accounts, Azure subscriptions, Google Cloud organizations, projects, or folders, Kubernetes clusters, or Okta or Workspace domains

  • Query - A search of a scan's data for a specific set of terms; a query is composed of a "show" part (describing what element of the IAM configuration to return) and a "where" part (describing conditions that the shown elements must match)

  • Query Result - A single match for a query; a query may return 0 or more results

Last updated