Filtering and Search
The Action Centre can contain hundreds or thousands of findings across your AWS environment. Guardian Pro provides a comprehensive set of filtering, search, and lens tools to help you quickly isolate the findings that matter most to you right now.
Filters
Filters narrow the visible findings based on specific attributes. You can combine multiple filters simultaneously to create precise views.
Available Filters
| Filter | Options | Use Case |
|---|---|---|
| Severity | Critical, High, Medium, Low | Focus on the most impactful issues first. |
| Status | Active, Remediating, Remediated, Suppressed, Acknowledged, Rolling Back, Rolled Back, Rollback Failed | View only open issues, or review recently resolved items. |
| Service | EC2, S3, RDS, IAM, Lambda, and dozens more | Investigate a specific AWS service. |
| Region | All enabled AWS regions | Focus on resources in a specific geographic area. |
| Category | Security, Cost Optimization, Operational Excellence, Architecture | Drill into a particular domain. |
| Remediation Available | Yes / No | Show only findings that can be automatically fixed. |
Applying Filters
- Click the Filters panel at the top of the Action Centre.
- Select one or more filter values. The finding list updates immediately.
- Active filters are shown as tags. Click the x on any tag to remove that filter.
- Click Clear All to reset all filters.
When prioritizing remediation work, start with the filter combination Severity: Critical + Remediation Available: Yes. This shows you the most severe issues that can be fixed immediately with minimal effort.
Filter Persistence
Filters remain active as you navigate within the Action Centre (for example, when opening a finding's detail drawer and returning to the list). Filters reset when you leave the Action Centre page or switch accounts.
Lenses
While filters narrow results by attribute, lenses change the analytical perspective of the entire view. Lenses reorganize and re-prioritize findings to answer specific questions.
Available Lenses
All
The default view. Shows all findings sorted by severity (Critical first), then by age (newest first within each severity level). This is the most comprehensive view and a good starting point.
Cost Exposure
Ranks findings by their estimated financial impact. This lens is particularly useful for teams focused on cost optimization, as it surfaces the findings that represent the highest potential savings at the top.
Not all findings have a direct cost impact. Security-only findings will appear lower in the Cost Exposure lens since they do not have an associated dollar value.
Debt Age
Sorts findings by how long they have been open, with the oldest findings first. This lens helps you identify and address accumulated technical or security debt -- findings that have been lingering in your environment without resolution.
Long-standing findings often indicate systemic issues or areas where teams have deprioritized security and operational hygiene. The Debt Age lens brings these to the surface.
Quick Wins
Surfaces findings that can be resolved quickly with low risk and minimal effort. Guardian Pro determines Quick Wins based on:
- Automated remediation is available.
- The remediation risk level is low.
- The change is straightforward and reversible.
This lens is ideal when you want to make rapid progress on your health score or resolve a batch of issues in a short time.
By Service
Groups findings by AWS service, showing the services with the most findings at the top. This view is useful for:
- Identifying which services have the most issues.
- Delegating work to service owners.
- Focusing a remediation sprint on a single service.
Each service group shows the count and severity breakdown of its findings, so you can quickly assess which services need the most attention.
Compliance
Maps findings to compliance framework controls. This lens is useful when you are preparing for an audit or working to close gaps in a specific framework (such as CIS AWS Foundations Benchmark or SOC 2).
Findings are grouped by the compliance control they relate to, with the control's pass/fail status shown alongside. For more on compliance, see the Compliance Dashboard.
Topology
Overlays findings on your infrastructure topology, showing how issues relate to your architecture. This view helps you understand the spatial distribution of findings and identify clusters of issues in specific parts of your infrastructure.
The Topology lens is particularly valuable when combined with the Architecture Advisor, as it provides architectural context for security and cost findings.
Search
The search bar at the top of the Action Centre allows you to find specific findings by text:
- Resource name or ID -- Search for findings affecting a specific resource.
- Finding title -- Search by the title of the finding.
- Check ID -- Search for a specific check across all resources.
- Description keywords -- Search for terms in the finding description.
Search works in combination with any active filters and the selected lens. For example, you can search for "encryption" while filtering by Severity: Critical to find all critical encryption-related findings.
Search is especially useful when you know the name of a specific resource and want to see all findings associated with it. Type the resource name or a portion of its ARN to quickly locate it.
Sorting
Within any lens or filter combination, you can sort the results by:
| Sort Option | Description |
|---|---|
| Severity | Critical first, then High, Medium, Low. (Default) |
| Newest First | Most recently detected findings at the top. |
| Oldest First | Longest-standing findings at the top. |
| Service | Alphabetically by AWS service name. |
Combining Filters, Lenses, and Search
Filters, lenses, and search are designed to work together. A typical workflow might look like:
- Select the Quick Wins lens to focus on easy resolutions.
- Filter by Service: S3 to focus on S3-specific quick wins.
- Search for "encryption" to find S3 encryption quick wins specifically.
This layered approach lets you start broad and progressively narrow your focus until you have exactly the set of findings you want to work on.
Cross-Page Navigation
Other Guardian Pro pages link into the Action Centre with pre-applied filters:
- Dashboard -- Clicking a severity badge opens the Action Centre filtered to that severity.
- Compliance Dashboard -- Clicking a failed control opens related findings with the Compliance lens active.
- Architecture Advisor -- Clicking on a detected risk opens associated findings.
- Cost Intelligence -- Clicking a cost recommendation links to the related cost finding.
These entry points automatically set the appropriate filters and lens, so you land in the right context without manual configuration.
Next Steps
- Smart Groups -- Learn how related findings are automatically grouped.
- Remediation -- Start fixing the findings you have identified.
- Bulk Actions -- Act on multiple findings at once.
- Action Centre Overview -- Return to the full overview.