> ## Documentation Index
> Fetch the complete documentation index at: https://docs.prowler.com/llms.txt
> Use this file to discover all available pages before exploring further.

<AgentInstructions>

## Submitting Feedback

If you encounter incorrect, outdated, or confusing documentation on this page, submit feedback:

POST https://docs.prowler.com/feedback

```json
{
  "path": "/user-guide/tutorials/prowler-app-finding-groups",
  "feedback": "Description of the issue"
}
```

Only submit feedback when you have something specific and actionable to report.

</AgentInstructions>

# Finding Groups

> Organize and triage security findings by check to reduce noise and prioritize remediation effectively.

export const VersionBadge = ({version}) => {
  return <a href={`https://github.com/prowler-cloud/prowler/releases/tag/${version}`} target="_blank" rel="noopener noreferrer" className="version-badge-link">
            <span className="version-badge-container">
                <span className="version-badge">
                    <span className="version-badge-label">Added in:</span> 
                    <span className="version-badge-version">{version}</span>
                </span>
            </span>
        </a>;
};

<VersionBadge version="5.23.0" />

Finding Groups transforms security findings triage by grouping them by check instead of displaying a flat list. This dramatically reduces noise and enables faster, more effective prioritization.

## Triage Challenges with Flat Finding Lists

A real cloud environment produces thousands of findings per scan. A flat list makes it impossible to triage effectively:

* **Signal buried in noise**: the same misconfiguration repeated across 200 resources shows up as 200 rows, burying the signal in repetitive data
* **Prioritization guesswork**: without grouping, understanding which issues affect the most resources requires manual counting and correlation
* **Tedious muting**: muting a false positive globally requires manually acting on each individual finding across the list
* **Lost context**: when investigating a single resource, related findings are scattered across the same flat list, making it hard to see the full picture

## How Finding Groups Addresses These Challenges

Finding Groups addresses these challenges by intelligently grouping findings by check.

### Grouped View at a Glance

Each row represents a single check title with key information immediately visible:

* **Severity** indicator for quick risk assessment
* **Impacted providers** showing which cloud platforms are affected
* **X of Y impacted resources** counter displaying how many resources fail this check

For example, `Vercel project has the Web Application Firewall enabled` across every affected project collapses to a single row — not one per project. Sort or filter by severity, provider, or status at the group level to triage top-down instead of drowning in per-resource rows.

<img src="https://mintcdn.com/prowler/RCPCu35humZdpDTy/images/finding-groups-list.png?fit=max&auto=format&n=RCPCu35humZdpDTy&q=85&s=2dd9a16093d540a15ff5635ac1b6f32d" alt="Finding Groups list view" width="2722" height="1698" data-path="images/finding-groups-list.png" />

### Expanding Groups for Details

Expand any group inline to see the failing resources with detailed information:

| Column          | Description                                        |
| --------------- | -------------------------------------------------- |
| **UID**         | Unique identifier for the resource                 |
| **Service**     | The cloud service the resource belongs to          |
| **Region**      | Geographic region where the resource is deployed   |
| **Severity**    | Risk level of the finding                          |
| **Provider**    | Cloud provider (AWS, Azure, GCP, Kubernetes, etc.) |
| **Last Seen**   | When the finding was last detected                 |
| **Failing For** | Duration the resource has been in a failing state  |

<img src="https://mintcdn.com/prowler/RCPCu35humZdpDTy/images/finding-groups-expanded.png?fit=max&auto=format&n=RCPCu35humZdpDTy&q=85&s=35d2da4ae3249302670a4db6a2485637" alt="Finding Groups expanded view" width="2716" height="484" data-path="images/finding-groups-expanded.png" />

### Resource Detail Drawer

Select any resource to open the detail drawer with full finding context:

* **Risk**: the security risk associated with this finding
* **Description**: detailed explanation of what was detected
* **Status Extended**: additional status information and context
* **Remediation**: step-by-step guidance to resolve the issue
* **View in Prowler Hub**: direct link to explore the check in Prowler Hub
* **Analyze This Finding With Lighthouse AI**: one-click AI-powered analysis for deeper insights

<img src="https://mintcdn.com/prowler/RCPCu35humZdpDTy/images/finding-groups-drawer.png?fit=max&auto=format&n=RCPCu35humZdpDTy&q=85&s=1877d1ada5b344ca0a61e93fda0baf36" alt="Finding Groups resource detail drawer" width="2836" height="1894" data-path="images/finding-groups-drawer.png" />

### Bulk Actions

Bulk-mute an entire group instead of chasing duplicates across the list. This is especially useful for:

* Known false positives that appear across many resources
* Findings in development or test environments
* Accepted risks that have been documented and approved

<Warning>
  Muting findings does not resolve underlying security issues. Review each finding carefully before muting to ensure it represents an acceptable risk or has been properly addressed.
</Warning>

## Other Findings for This Resource

Inside the resource detail drawer, the **Other Findings For This Resource** tab lists every finding that hits the same resource — passing, failing, and muted — alongside the one currently being reviewed.

<img src="https://mintcdn.com/prowler/RCPCu35humZdpDTy/images/finding-groups-other-findings.png?fit=max&auto=format&n=RCPCu35humZdpDTy&q=85&s=3f184fb676ab23dd5dbc8161ceb238db" alt="Other Findings For This Resource tab" width="1702" height="1890" data-path="images/finding-groups-other-findings.png" />

### Why This Matters

When reviewing "WAF not enabled" on a Vercel project, the tab immediately shows:

* Skew protection status
* Rate limiting configuration
* IP blocking settings
* Custom firewall rules
* Password protection findings

All for that same project, without navigating back to the main list and filtering by resource UID.

### Complete Context Within the Drawer

Pair the Other Findings tab with:

* **Scans tab**: scan history for this resource
* **Events tab**: changes and events over time

This provides full context without leaving the drawer.

## Best Practices

1. **Start with high severity groups**: focus on critical and high severity groups first for maximum impact.
2. **Use filters strategically**: filter by provider or status at the group level to narrow the triage scope.
3. **Leverage bulk mute**: when a finding represents a confirmed false positive, mute the entire group at once.
4. **Check related findings**: review the Other Findings tab to understand the full security posture of a resource.
5. **Track failure duration**: use the "Failing For" column to prioritize long-standing issues that may indicate systemic problems.

## Getting Started

1. Navigate to the **Findings** section in Prowler Cloud/App.
2. Toggle to the **Grouped View** to see findings organized by check.
3. Select any group row to expand and see affected resources.
4. Select a resource to open the detail drawer with full context.
5. Use the **Other Findings For This Resource** tab to see all findings for that resource.