SeentySeenty Docs

Finding Lifecycle

Understand how security findings move through statuses, auto-resolution, deduplication, and bulk actions.

Finding Lifecycle

Every security finding in Seenty follows a structured lifecycle. Understanding how findings move through different states helps your team triage efficiently and maintain an accurate picture of your security posture.

Finding states

A finding is always in one of four states:

Open

A newly detected finding starts in the Open state. It requires attention from your team -- review the finding, assess the risk, and decide on next steps.

Open findings are included in all severity counts and dashboard metrics. They represent your current unresolved security debt.

Acknowledged

When your team is aware of a finding and is actively working on it (or has accepted the risk for now), move it to Acknowledged. This state signals that the finding has been reviewed and does not require repeat alerts.

Acknowledged findings are still tracked in your dashboard but are separated from Open findings, so you can focus on what has not yet been triaged.

Resolved

A finding moves to Resolved when the underlying issue has been fixed. This can happen in two ways:

  • Manual resolution -- A team member reviews the fix and marks the finding as Resolved.
  • Auto-resolution -- If the finding is not detected in subsequent scans, Seenty automatically resolves it (see Auto-resolution below).

Resolved findings are removed from active counts but remain in your finding history for auditing and trend analysis.

False Positive

If a finding is not a real security issue -- for example, a test API key in a documentation file or a placeholder value in an example config -- mark it as False Positive.

False Positive findings are:

  • Excluded from severity counts and metrics.
  • Hidden from default views (you can filter to show them).
  • Not re-reported in future scans (the specific finding is suppressed).

Use False Positive status carefully. If you are unsure whether something is a real issue, leave it as Open or Acknowledged while you investigate.

Changing finding status

To change the status of a finding:

  1. Navigate to Security Posture and select the relevant category (Misconfigurations, Vulnerabilities, or Secrets).
  2. Click on a finding to open its detail view.
  3. Use the status dropdown to select the new state.
  4. The change takes effect immediately and is reflected in all dashboards and counts.

Auto-resolution

Seenty automatically resolves findings that are no longer detected in subsequent scans. The behavior differs by finding source:

SourceAuto-resolution behavior
Domain findingsResolved on the next scan if the issue is no longer present. For example, if you add a missing SPF record, the finding will resolve after the next nightly scan or manual rescan.
Repository findingsResolved after 7 days of not being detected. This grace period accounts for the fact that repository scans may not run on a fixed schedule.
Cloud findings (AWS/Azure)Resolved on the next scan if the misconfiguration has been corrected.

If you fix an issue and want the finding resolved immediately, trigger a manual rescan from the asset detail page rather than waiting for the next scheduled scan.

Deduplication

Seenty tracks findings across multiple scans to avoid creating duplicate entries:

  • If the same issue is detected in consecutive scans, it is tracked as a single finding -- not duplicated.
  • The finding's "last seen" timestamp is updated, but its original detection date is preserved.
  • If a previously resolved finding reappears in a new scan, it is reopened (moved back to Open) rather than creating a new entry.

This means your finding count accurately reflects the number of distinct issues, not the number of times they were scanned.

Bulk actions

When you need to manage many findings at once, use bulk actions:

  1. Navigate to the findings list in any Security Posture category.
  2. Use the checkboxes to select multiple findings, or use Select All to select all visible findings.
  3. Choose an action from the bulk actions toolbar:
    • Acknowledge -- Move all selected findings to Acknowledged.
    • Resolve -- Mark all selected findings as Resolved.
    • Mark as False Positive -- Suppress all selected findings.

Bulk actions are useful for:

  • Acknowledging a set of known low-risk findings after an initial security review.
  • Resolving findings in bulk after a major remediation effort.
  • Marking a batch of false positives from a scan that detected test data.

Dashboard metrics

The Security Posture overview displays stat cards that give you a quick summary:

MetricWhat it shows
OpenTotal findings currently in Open state, requiring attention.
CriticalOpen findings with Critical severity -- your highest priority.
AcknowledgedFindings your team is aware of and tracking.
ResolvedFindings that have been fixed (lifetime count or within a time period).

These metrics update in real time as findings are created, triaged, and resolved. Use the trend charts to track whether your security posture is improving over time.

Secrets

Learn how Seenty detects leaked credentials, API keys, and tokens in your code repositories.

Integrations

Connect notification channels and third-party services to your Seenty workspace.

On this page

Finding LifecycleFinding statesOpenAcknowledgedResolvedFalse PositiveChanging finding statusAuto-resolutionDeduplicationBulk actionsDashboard metrics