The Anatomy of an ARO

Introduction

This article details the elements that make up an ARO. For more information on what an ARO is and how to work with them, visit our Knowledge Base chapter on AROs.




The example below shows an ARO being viewed. In the upper right, you can view it in full screen mode. The following section in this article will refer to ARO elements using full screen mode.



The Elements of an ARO

AROs are made up of the following elements:

  1. Header

  2. Description

  3. Details

  4. Compliance and Best Practices

  5. Mitigation Steps

  6. Supplemental Insights

  7. Supplemental Data

  8. References

  9. Activity


Each element of an ARO can be expanded or collapsed. The example below shows an ARO being viewed in full screen, with all of the elements collapsed.



Header

This section displays the ARO's title, as well as the Close ARO and Request Help buttons (see Working with AROs for more on this topic). You can also download the ARO as a PDF, exit or enter full screen, and manage and view watchers (see Watching & Assigning AROs for more on this topic).



Details

This section displays the ARO’s “metadata”: the type, severity, status, organization, and timestamps. When viewing an ARO in full screen mode, details are shown along the right side of the view, as shown in the example below.



When viewing an ARO in the "split" view, the details pane is directly below the Header and above the Description. To learn more about ARO types and severities, see Getting to Know AROs.



Description

The description provides context for the security issue the ARO is reporting on. This is where you can get an understanding of the issue that your organization is facing, as well as information and recommendations for addressing the issue that caused the ARO.


In the example below, the ARO is reporting on a suspected typo squat domain. The description includes a high-level description that is easy to understand: a domain was registered that is suspiciously similar to the organization's domain. This overview is followed by more detailed security context meant for the organization's IT team members, as well as recommendations to address the issue. Finally, there is a section on resolving the ARO.


It's important to note that, due to the unique nature of AROs, the description will vary from ARO to ARO.



Compliance and Best Practices

This section will not be visible until your organization enables Compliance and Best Practices in your Service Profile and selects frameworks that are meaningful to your organization.


Some AROs you receive may impact your organization’s compliance with a given framework. Field Effect can map AROs to related compliance controls and include information within the ARO on how it has a compliance impact. If enabled, AROs that affect your selected compliance framework(s) will include the framework and control that is impacted by the ARO.


In the example below, the ARO is reporting that a risky IoT device was discovered on the client's network. This impacts the organization's ISO 27001:2023 framework compliance by impacting control A.13.1.3 - Segregation in Networks.



Mitigation Steps

This section provides clear and actionable steps to address the issue and resolve the ARO. Steps will vary from ARO to ARO, and you can check off each step as you complete it.



As you check or uncheck mitigation steps, every action is listed in the ARO's Activity feed.


References

When available, references to credible reports, support articles, or other relevant content will be included in this section.



Activity

In the Activity section, you can view the history (status changes, requests for help, etc.) of the ARO, as well as make and view comments and notes.


To learn how to make comments or internal notes, and how the ARO’s history is presented, see ARO Activity: History Comments, and Notes.


