What are Detections?

This guide explains what Detections are, how they are created, and what information they contain.

Overview

A Detection is not a breach or a security incident. A Detection represents a security issue, misconfiguration, or vulnerability that the OneClickComply platform has identified and logged.

How Detections Are Created

Detections are created when a scan identifies an issue with the scan subject. The sequence is as follows:

  1. The OneClickComply platform conducts a scan. This could be a scan against a specific integration (e.g. Microsoft 365 or AWS), a penetration test against an API or website, or a vulnerability check on a device.

  2. Each scan consists of individual tests: specific checks such as "Is multi-factor authentication enforced for all admin accounts?", "Is device encryption enabled?", or "Is cross-site scripting prevented?"

  3. Any test that fails automatically produces a Detection.

  4. The Detection is then categorised based on the severity of the issue and its original source (e.g. a penetration test).

What a Detection Contains

Each Detection carries a set of properties that describe the issue and its context:

| Property | What It Means |
| --- | --- |
| Category | The area where the issue occurs, such as patching, infrastructure, cloud directory, or vulnerability. |
| Severity | How serious the issue is: critical, high, medium, low, or info. |
| Status | Where the Detection sits in the resolution lifecycle: open, in progress, resolved, ignored, or accepted. |
| SLA status | Whether resolution is on track, at risk, or breached relative to the expected fix timeframe. |
| Source | The integration, connection, scan, or test that produced the Detection. |
| Affected asset | The specific device, server, or resource that is impacted. |
| Linked controls | The compliance controls (such as SOC 2 CC6.1 or ISO 27001 A.8.1) that the Detection relates to. For organisations working toward a certification, this linkage shows which requirements are affected by the issue. |
| Owner | The team member assigned to resolve the Detection. |
| AI suggestion | An AI-generated recommendation for how to address the issue. |

For Detections in the vulnerability category, two additional properties are included: the CVE identifier (a standardised reference number for the specific vulnerability) and the CVSS score (a numeric severity rating).
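
As an added illustration (not OneClickComply code or its export format), the sketch below follows the sequence described above, where each failed test yields a Detection, and then uses the Linked controls property to list which controls are affected by unresolved Detections. The field names, the sample results, the initial "open" status and the choice to count only "open" and "in progress" as unresolved are assumptions.

```python
from collections import defaultdict

# Severity values as listed on the page, ordered least to most serious.
SEVERITY_ORDER = ["info", "low", "medium", "high", "critical"]
# Assumption: only these statuses count as still affecting a control.
UNRESOLVED = {"open", "in progress"}

# Constructed test results; field names and control links are hypothetical.
TEST_RESULTS = [
    {"test": "MFA enforced for all admin accounts", "passed": False,
     "source": "Microsoft 365", "category": "cloud directory",
     "severity": "high", "asset": "tenant-example", "controls": ["SOC 2 CC6.1"]},
    {"test": "Device encryption enabled", "passed": True,
     "source": "device check", "category": "infrastructure",
     "severity": "medium", "asset": "laptop-01", "controls": ["ISO 27001 A.8.1"]},
    {"test": "Cross-site scripting prevented", "passed": False,
     "source": "penetration test", "category": "vulnerability",
     "severity": "critical", "asset": "api.example.test",
     "controls": ["SOC 2 CC6.1", "ISO 27001 A.8.1"]},
]

def detections_from(results):
    """Each failed test yields one Detection (assumed to start as 'open')."""
    keep = ("source", "category", "severity", "asset", "controls")
    return [
        {**{k: r[k] for k in keep}, "title": r["test"], "status": "open"}
        for r in results if not r["passed"]
    ]

def controls_at_risk(detections):
    """Map each linked control to (worst severity, titles) over unresolved Detections."""
    by_control = defaultdict(list)
    for d in detections:
        if d["status"] in UNRESOLVED:
            for control in d["controls"]:
                by_control[control].append(d)
    report = {}
    for control, items in by_control.items():
        worst = max(items, key=lambda d: SEVERITY_ORDER.index(d["severity"]))
        report[control] = (worst["severity"], sorted(d["title"] for d in items))
    return report

if __name__ == "__main__":
    rollup = controls_at_risk(detections_from(TEST_RESULTS))
    for control, (severity, titles) in sorted(rollup.items()):
        print(f"{control}: worst={severity}; {', '.join(titles)}")
```

A Detection moved to "accepted" or "ignored" drops out of this rollup, so whether those statuses should still count against a control is a policy decision to make explicitly.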