  1. OpenShift Request For Enhancement
  2. RFE-8395

RHACS: Add User Reference for Manual Violation Resolution


    • Feature Request
    • Resolution: Unresolved
    • rhacs, rhacs-policy
    • Product / Portfolio Work

      1. Proposed title of this feature request

      RHACS: Add User Reference for Manual Violation Resolution

      2. What is the nature and description of the request?

      Currently, when a user manually marks a runtime violation (such as a process or network baseline violation) as "Resolved" in the Red Hat Advanced Cluster Security (RHACS) interface, the system does not record or display which user performed this action (it MIGHT be in the audit-logs, I could not verify this, but at least not directly visible in the GUI).

      This enhancement requests that RHACS capture the user's identity (e.g., username) when a violation is manually resolved. Additionally, a Comment/Reason comparable to what the Vulnerability Exception Process allows might be helpful.

      3. Why does the customer need this? (List the business requirements here)

      • Security Auditability & Compliance: To meet strict compliance and internal audit requirements, all security-related actions must be auditable. Knowing who resolves a security violation is a critical piece of the audit trail, parallel to knowing who created or modified a policy. This might already be covered with audit-logs.
      • Accountability: This feature establishes clear accountability within the SecOps team. If a violation is resolved incorrectly or prematurely, managers need to identify who took the action to provide feedback, training, or conduct a follow-up investigation.
      • Incident Response Context: During an active incident investigation or a post-mortem, knowing the full timeline of events is crucial. Seeing that "User_A resolved violation_X" provides essential context that is currently missing, helping teams understand the actions taken by colleagues.
      • Improved Team Collaboration: In environments with multiple security operators, this visibility prevents confusion and redundant work. An operator can quickly see who resolved a specific alert, rather than having to ask the team.

      4. List any affected packages or components

      • RHACS Portal (UI):
        • The frontend components for the "Violations" page under the Resolved Section.

              bmichael@redhat.com Boaz Michaely
              sluetzen Steffen Lützenkirchen