Vault Radar Events

HCP Vault Radar creates an event each time it finds content that matches the criteria of a secret type or a custom expression. Events provide context for remediation and allow security teams to keep track of its progress.

You can track the remediation of findings using event states which can be set automatically or by a user.

Event status

• New - the default state when HCP Vault Radar creates a new event
• Notified - set automatically when Radar sends an alert or notification. This state cannot be set manually
• To Remediate - set by a developer to confirm that the event needs to be remediated
• Secret Stored - set automatically when a developer triggers a remediation action, though developers can set it manually as well. To learn more about remediation actions
• Secret Revoked - set by a developer to confirm they revoked the secret value
• Resolved - set by a developer to confirm remediation is complete
• False Positive - set by a developer to confirm the event is a false positive
• Ignore Rule - set automatically when a developer uses the inline ignore rule or sets an ignore rule within a repo via YAML file. To learn more about inline ignore rules
• Not Important - set automatically when an event meets a global ignore rule's criteria. To learn more about global ignore rules
• Deleted - set automatically when an event is no longer relevant due to an improvement to Radar's detection algorhythm or due to a custom expression being deleted