# Triage Issues Efforts in security encompass continuous risk discovery and a dual-pronged approach of persistent risk reduction and resolution. Now that the initial setup of Shisho Cloud is complete, let's put the everyday workflow of grasping and resolving risks into practice. ## Identifying What Needs Attention After checking the inspection results produced by Shisho Cloud, take a look at the **Evaluation Results** section on your **Dashboard**. By default, this area lists important detection items (violations of policies) based on their priority level: ![](/docs/_md-assets/165d749286-finding.png) Here, you can learn about the following aspects of the identified security issues and recommendations: - The nature of the problems in detail - The related risks - Guidance and tips for remediation ## Determining a Triage Policy Once you have identified the detected security issues and recommendations, it's time to consider how to handle them. In Shisho Cloud, every newly detected item is always marked as **Awaiting Review**. From here, you can choose one of the following three strategies: - **Mark it for action** - **Accept the risk until a certain deadline** - **Accept the risk without any action**: ![](/docs/_md-assets/5ed2f2c582-triage-button.png) Upon selection, the detected item will transition to one of the following states: - **Awaiting Review** - **Action Required** - **Risk Accepted (With Deadline)** - **Risk Accepted (Indefinite)** It's best to distinguish between issues in the **Awaiting Review** and **Action Required** states, which your organization should actively address, and those in the **Risk Accepted** states, which can be set aside for now. :::info On the dashboard, where various statistics are shown, only items in the **Awaiting Review** and **Action Required** states are displayed. A separate dashboard is planned to display the total quantity of detected items where the risk has been accepted. ::: ## Sharing Triage Information via Notifications The process of triaging issues of a minimum urgency level or more, as specified in the [Notification Settings](/docs/g/getting-started/setup-notification.md), will also be sent to various destinations. **Example Slack Notification** ![](/docs/_md-assets/149b4d470c-notification-default-slack.png) **Example Email Notification** ![](/docs/_md-assets/d22fc520f6-notification-default-email.png) :::note In [the **Notification Workflow** editing page](https://cloud.shisho.dev/*/workflows/edit?wfid=notification-security), you can also narrow down triage notifications by editing the `triggers` section: ```yaml triggers: triage: # send notifications when... - event: [updated] status_changed_to: # the issue is calling your review. - awaiting_review # the issue is acknowledged, and no further action is expected. - acknowledged # the issue is flagged for your action. - action_required # the issue was resolved :tada: - secure # the resource with security issue(s) gets deleted. - deleted # send notifications on a finding that needs your action - event: [created] status_changed_to: - awaiting_review ``` For instance, if you want to receive notifications only when new risks are detected or when risks are mitigated by changes or removals, you can do so by editing the `triggers` section this way: ```yaml triggers: triage: # send notifications when... - event: [updated] status_changed_to: # the issue was resolved :tada: - secure # the resource with security issues gets deleted. - deleted # send notifications on a finding that needs your action - event: [created] status_changed_to: - awaiting_review ``` :::