Required roles
To get the permissions that you need to work with issues, ask your administrator to grant you the following IAM roles on the organization:
- To view issues, one of the following roles:
  - Security Center Findings Viewer (roles/securitycenter.findingsViewer)
  - Security Center Issues Viewer (roles/securitycenter.issuesViewer)
- To view, mute, and unmute issues: Security Center Issues Editor (roles/securitycenter.issuesEditor)
For more information about granting roles, see Manage access to projects, folders, and organizations.
These predefined roles contain the permissions required to work with issues. To see the exact permissions that are required, expand the Required permissions section:
Required permissions
The following permissions are required to work with issues:
- To view issues:
  - securitycenter.issues.get
  - securitycenter.issues.list
  - securitycenter.issues.group
  - securitycenter.issues.listFilterValues
- To mute and unmute issues: securitycenter.issues.mute
You might also be able to get these permissions with custom roles or other predefined roles.
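An added example (not part of the original documentation): a small audit of an organization IAM policy that separates principals who can mute and unmute issues from those who can only view them, using the three predefined roles named above. The sample policy is constructed, the standard IAM policy JSON shape is assumed, and custom roles and group membership are not expanded.

```python
import json

# Predefined roles named on this page and what the page says each allows.
VIEW_ROLES = {
    "roles/securitycenter.findingsViewer",
    "roles/securitycenter.issuesViewer",
}
EDIT_ROLE = "roles/securitycenter.issuesEditor"  # view, mute, and unmute

# Constructed sample policy (assumed shape: standard IAM policy JSON).
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/securitycenter.issuesViewer",
   "members": ["group:soc-analysts@example.com", "user:alice@example.com"]},
  {"role": "roles/securitycenter.issuesEditor",
   "members": ["user:alice@example.com",
               "serviceAccount:triage@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/securitycenter.issuesEditor",
   "members": ["user:bob@example.com"],
   "condition": {"title": "temporary",
                 "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}},
  {"role": "roles/viewer", "members": ["user:carol@example.com"]}
]}
""")


def audit_issue_access(policy):
    """Return (can_mute, view_only) for the issue roles in an IAM policy.

    can_mute maps each principal holding the editor role to True when every
    such grant is conditional, False when at least one is unconditional.
    view_only is the sorted list of principals holding only a viewer role.
    Custom roles and group membership are not expanded.
    """
    can_mute, can_view = {}, set()
    for binding in policy.get("bindings", []):
        role, members = binding.get("role"), binding.get("members", [])
        if role == EDIT_ROLE:
            for member in members:
                only_conditional = can_mute.get(member, True)
                can_mute[member] = only_conditional and "condition" in binding
        elif role in VIEW_ROLES:
            can_view.update(members)
    return can_mute, sorted(can_view.difference(can_mute))


if __name__ == "__main__":
    muters, viewers = audit_issue_access(SAMPLE_POLICY)
    for member, conditional in sorted(muters.items()):
        print("mute/unmute:", member, "(conditional)" if conditional else "")
    for member in viewers:
        print("view only:  ", member)
```

Principals that appear under mute/unmute are the ones able to take issues out of the default view, so that list is the one to keep short and review regularly.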
View issues
You can find issues in two places in the Security Operations console:
- The Risk > Overview page. This page shows an at-a-glance view of the top risks found in your cloud environments, including issues.
- The Risk > Issues page, which lists all issues found in your cloud environments. It also provides greater detail on each of the issues, including how to remediate them.
To view all issues in the Security Operations console, go to Issues:
https://CUSTOMER_SUBDOMAIN.backstory.chronicle.security/security-command-center/issues
Replace CUSTOMER_SUBDOMAIN with your customer-specific identifier.
To view individual issues, expand a detection group, and then click one of the issues in the group. The issue's details panel opens, which contains the following elements:
- A summary of the issue.
- An interactive attack path or evidence diagram.
- Findings related to the issue.
- A How to fix tab, which provides remediation steps.
- For toxic combinations and chokepoints (Preview), an Exposed valued resources tab, which lists the high-valued resources that are affected by the issue.
- For security graph insights, an Impacted Resources tab, which lists the resources that contribute to the issue. This tab displays if more than six resources contribute to an issue.
- A JSON tab, which provides the issue data in JSON format.
To step between issues in the queue, click the arrow icons next to the Take Actions button.
Remediate issues
To remediate an issue, complete the following instructions:
- To view all issues in the Security Operations console, go to Issues:
  https://CUSTOMER_SUBDOMAIN.backstory.chronicle.security/security-command-center/issues
  Replace CUSTOMER_SUBDOMAIN with your customer-specific identifier.
  By default, grouped issues are ranked by severity. Within the group, the issues are ranked by attack exposure score. To sort all issues by attack exposure score instead, disable Group by detections.
- Select an issue.
- Review the issue's description and evidence.
- If there are related findings, view their details.
- If multiple critical issues are found on a primary resource in a toxic combination or chokepoint (Preview), a message displays after the Evidence diagram. To optimize your remediation efforts, click Filter issues for this primary resource in this message to focus on resolving issues for that specific resource. Click the back arrow near Add filter when you want to remove the filter.
- Click Explore full attack paths in the Evidence diagram for an in-depth understanding of the issue, and how the attack paths expose high-value resources.
- Click How to fix, and follow the guidance to help mitigate the risk.
Accept and mute an issue's risk
If the risk that's posed by an issue is acceptable to your business or you can't remediate it, you can choose to accept it. This tags the issue as an accepted risk, and records who accepted it and when. You can only accept the risk for individual issues, not entire detections.
To accept an issue's risk, complete the following steps:
- Open an issue's details panel.
- Click Take Actions.
- Click Accept Risk.
- Enter the reason why you are accepting the risk, and then click Accept Risk.
After you have accepted an issue's risk, it can take a few minutes for this to be reflected in the issues list. After this, the issue won't show in the list with the default filters applied.
View issues with accepted risk
To view issues with accepted risk, click Add filter, and add a Risk accepted filter with a value of Yes.
Revive an issue
To undo accepting an issue's risk, complete the following steps:
- Filter the view by accepted risk.
- Open the issue's details panel.
- Click Take Actions.
- Click Revive Risk.
- Enter the reason why you are reviving the risk, and then click Revive Risk.