Finding Groups transforms security findings triage by grouping them by check instead of displaying a flat list. This dramatically reduces noise and enables faster, more effective prioritization.
Triage Challenges with Flat Finding Lists
A real cloud environment produces thousands of findings per scan. A flat list makes it impossible to triage effectively:
- Signal buried in noise: the same misconfiguration repeated across 200 resources shows up as 200 rows, burying the signal in repetitive data
- Prioritization guesswork: without grouping, understanding which issues affect the most resources requires manual counting and correlation
- Tedious muting: muting a false positive globally requires manually acting on each individual finding across the list
- Lost context: when investigating a single resource, related findings are scattered across the same flat list, making it hard to see the full picture
How Finding Groups Addresses These Challenges
Finding Groups addresses these challenges by intelligently grouping findings by check.
Grouped View at a Glance
Each row represents a single check title with key information immediately visible:
- Severity indicator for quick risk assessment
- Impacted providers showing which cloud platforms are affected
- X of Y impacted resources counter displaying how many resources fail this check
For example, Vercel project has the Web Application Firewall enabled across every affected project collapses to a single row — not one per project. Sort or filter by severity, provider, or status at the group level to triage top-down instead of drowning in per-resource rows.
Expanding Groups for Details
Expand any group inline to see the failing resources with detailed information:
| Column | Description |
|---|
| UID | Unique identifier for the resource |
| Service | The cloud service the resource belongs to |
| Region | Geographic region where the resource is deployed |
| Severity | Risk level of the finding |
| Provider | Cloud provider (AWS, Azure, GCP, Kubernetes, etc.) |
| Last Seen | When the finding was last detected |
| Failing For | Duration the resource has been in a failing state |
Resource Detail Drawer
Select any resource to open the detail drawer with full finding context:
- Risk: the security risk associated with this finding
- Description: detailed explanation of what was detected
- Status Extended: additional status information and context
- Remediation: step-by-step guidance to resolve the issue
- View in Prowler Hub: direct link to explore the check in Prowler Hub
- Analyze This Finding With Lighthouse AI: one-click AI-powered analysis for deeper insights
Bulk Actions
Bulk-mute an entire group instead of chasing duplicates across the list. This is especially useful for:
- Known false positives that appear across many resources
- Findings in development or test environments
- Accepted risks that have been documented and approved
Muting findings does not resolve underlying security issues. Review each finding carefully before muting to ensure it represents an acceptable risk or has been properly addressed.
Other Findings for This Resource
Inside the resource detail drawer, the Other Findings For This Resource tab lists every finding that hits the same resource — passing, failing, and muted — alongside the one currently being reviewed.
Why This Matters
When reviewing “WAF not enabled” on a Vercel project, the tab immediately shows:
- Skew protection status
- Rate limiting configuration
- IP blocking settings
- Custom firewall rules
- Password protection findings
All for that same project, without navigating back to the main list and filtering by resource UID.
Complete Context Within the Drawer
Pair the Other Findings tab with:
- Scans tab: scan history for this resource
- Events tab: changes and events over time
This provides full context without leaving the drawer.
Best Practices
- Start with high severity groups: focus on critical and high severity groups first for maximum impact.
- Use filters strategically: filter by provider or status at the group level to narrow the triage scope.
- Leverage bulk mute: when a finding represents a confirmed false positive, mute the entire group at once.
- Check related findings: review the Other Findings tab to understand the full security posture of a resource.
- Track failure duration: use the “Failing For” column to prioritize long-standing issues that may indicate systemic problems.
Getting Started
- Navigate to the Findings section in Prowler Cloud/App.
- Toggle to the Grouped View to see findings organized by check.
- Select any group row to expand and see affected resources.
- Select a resource to open the detail drawer with full context.
- Use the Other Findings For This Resource tab to see all findings for that resource.
About Us