Skip to content

RADAR Event state #1183

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 13 commits into
base: main
Choose a base branch
from
+32 −0
Open

RADAR Event state #1183

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
122917c
Create event-workflow.mdx
camicano Oct 24, 2025
17663e4
Update docs-nav-data.json
camicano Oct 24, 2025
a2f76fc
Add files via upload
camicano Oct 24, 2025
2b61fbd
Rename event-state.png to radar-event-state-workflow.png
camicano Oct 24, 2025
af67432
Update event-workflow.mdx
camicano Oct 24, 2025
78f1179
Update content/hcp-docs/content/docs/vault-radar/manage/event-workflo…
camicano Oct 28, 2025
92ce958
Update event-workflow.mdx
camicano Oct 28, 2025
be635c5
Update event-workflow.mdx
camicano Oct 29, 2025
82c97b2
Update event-workflow.mdx
camicano Oct 29, 2025
370c2d1
Delete content/hcp-docs/img/docs/vault-radar/radar-event-state-workfl…
camicano Oct 29, 2025
e0f1f63
Add files via upload
camicano Oct 29, 2025
8c43998
Rename Screenshot 2025-10-29 .png to radar-event-state-workflow.png.png
camicano Oct 29, 2025
f9dc2a4
Rename radar-event-state-workflow.png.png to radar-event-state-workfl…
camicano Oct 29, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 28 additions & 0 deletions content/hcp-docs/content/docs/vault-radar/manage/event-workflow.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
---
page_title: HCP Vault Radar event workflow
description: >-
HCP Vault Radar event workflow and its states
Copy link
Contributor

@kathytong-hashicorp kathytong-hashicorp Oct 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Do we need to change the terminology to status? I see state used a bunch in this page 😅

---


# Vault Radar Events

HCP Vault Radar creates an event each time it finds content that matches the criteria of a secret type or a custom expression. Events provide context for remediation and allow security teams to keep track of its progress.

You can track the remediation of findings using event states which can be set automatically or by a user.


## Event status

- **New** - the default state when HCP Vault Radar creates a new event
Copy link
Contributor

@kathytong-hashicorp kathytong-hashicorp Oct 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: the default status?

- **Notified** - set automatically when Radar sends an alert or notification. This state cannot be set manually
- **To Remediate** - set by a developer to confirm that the event needs to be remediated
- **Secret Stored** - set automatically when a developer triggers a remediation action, though developers can set it manually as well. To learn more about [remediation actions](../remediate-secrets/copy-secrets)
- **Secret Revoked** - set by a developer to confirm they revoked the secret value.
- **Resolved** - set by a developer to confirm remediation is complete
- **False Positive** - set by a developer to confirm the event is a false positive
- **Ignore Rule** - set automatically when a developer uses the inline ignore rule or sets an ignore rule within a repo via YAML file. To learn more about [inline ignore rules](./write-inline-ignore-rules).
Copy link
Contributor

@kathytong-hashicorp kathytong-hashicorp Oct 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Should we also add that Ignore Rule can't be set manually too? I saw it was called out for Notified ?

- **Not Important** - sets automatically when an event meets a global ignore rule's criteria. To learn more about [global ignore rules](./write-global-ignore-rules).
Copy link
Contributor

@kartheek-hc kartheek-hc Oct 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Users can also set the event status to Not Important manually right. I think it would be nice to distinguish between False Positive and Not Important using an example to avoid any confusion

Copy link
Contributor

@kathytong-hashicorp kathytong-hashicorp Oct 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And do we include any more information around other times we automatically put it in Not Important status? We have a list in the code, but includes when the secret is in a test file, in a readme file, etc

Copy link
Contributor

@kartheek-hc kartheek-hc Oct 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, there should be a corresponding tag in the event details when we automatically set it to Not Important


![Diagram showing the event workflow for Vault Radar](/img/docs/vault-radar/radar-event-state-workflow.png)

4 changes: 4 additions & 0 deletions content/hcp-docs/data/docs-nav-data.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -944,6 +944,10 @@
{
"title": "Risk Severity",
"path": "vault-radar/manage/severity"
},
{
"title": "Event workflow and states",
"path": "vault-radar/manage/event-workflow"
},
{
"title": "Select event rules",
Expand Down
Binary file added content/hcp-docs/img/docs/vault-radar/radar-event-state-workflow.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading