Remediation
Turn discovery findings into fixes. Rivaro generates AI-powered remediation plans for infrastructure findings and walks you through execution step by step.
Overview
Discovery surfaces security findings — misconfigurations, exposed credentials, public MCP endpoints, shadow AI infrastructure. Remediation turns those findings into actionable plans.
Rivaro offers two remediation modes:
- Plan generation — AI generates a step-by-step remediation plan for a finding
- Copilot — an interactive AI assistant that guides you through executing the plan
Remediation Statuses
| Status | Meaning |
|---|---|
| NONE | No remediation activity yet |
| REMEDIABLE | Finding can be remediated — plan not yet generated |
| PLAN_AVAILABLE | AI-generated remediation plan is ready to review |
| EXECUTION_IN_PROGRESS | Remediation is actively being executed via the copilot |
| SUCCESS | Remediation completed successfully |
| FAILED | Remediation attempt failed |
Generating a Plan
Click Fix on any finding in the Discovery dashboard, or use the API:
POST /api/discovery/findings/{findingId}/generate-plan
Plan generation streams progress in real time:
GET /api/discovery/findings/{findingId}/generate-plan/progress
Generation stages
- Complexity assessment — AI analyzes the finding's risk and complexity
- Plan generation — AI generates step-by-step remediation instructions
- Parsing — structured plan is extracted from AI output
- Validation — plan is validated and saved to the finding record
Remediation Plan Structure
| Field | Description |
|---|---|
| summary | One-line description of what this plan fixes |
| riskLevel | LOW, MEDIUM, HIGH, or CRITICAL |
| estimatedTime | How long the fix should take |
| reversible | Whether changes can be rolled back |
| downtime | Whether the fix requires downtime |
| requiredPermissions | IAM permissions needed to execute |
| steps | Ordered list of remediation steps (see below) |
Step structure
| Field | Description |
|---|---|
| action | Human-readable description of this step |
| description | Detailed explanation of why and how |
| service | Cloud service involved (e.g. s3, ec2, iam) |
| method | SDK method or CLI command |
| parameters | Required parameters for the method |
| permissions | IAM permissions required for this step |
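Because the plan is model-generated, it is worth checking it against the fields above before anyone executes it. The following is an added example, not Rivaro code: a pre-execution gate that flags risky plans and steps whose permissions are missing from requiredPermissions or from the operator's grants. The value types (booleans, lists of IAM action strings), the `review_plan` name and the sample plan are assumptions constructed for illustration.

```python
# Added example: review gate for an AI-generated remediation plan.
# Field names come from the tables above; value types (booleans, lists of
# IAM action strings) are assumptions, and SAMPLE_PLAN is constructed.
HIGH_RISK = {"HIGH", "CRITICAL"}

def review_plan(plan, granted):
    """Return a list of reasons the plan needs human sign-off (empty = none)."""
    reasons = []
    declared = set(plan.get("requiredPermissions", []))
    if plan.get("riskLevel") not in {"LOW", "MEDIUM", "HIGH", "CRITICAL"}:
        reasons.append("riskLevel missing or not a documented value")
    elif plan["riskLevel"] in HIGH_RISK:
        reasons.append(f"riskLevel is {plan['riskLevel']}")
    if plan.get("reversible") is not True:
        reasons.append("plan is not marked reversible")
    if plan.get("downtime") is not False:
        reasons.append("plan may require downtime")
    steps = plan.get("steps") or []
    if not steps:
        reasons.append("plan has no steps")
    for i, step in enumerate(steps, 1):
        for perm in step.get("permissions", []):
            if "*" in perm:  # over-broad grant requested by the plan
                reasons.append(f"step {i}: wildcard permission {perm}")
            if perm not in declared:  # step needs more than the plan declares
                reasons.append(f"step {i}: {perm} not in requiredPermissions")
            if perm not in granted:  # operator cannot run this step as-is
                reasons.append(f"step {i}: operator lacks {perm}")
    return reasons

SAMPLE_PLAN = {  # constructed sample, not real Rivaro output
    "summary": "Block public access on an S3 bucket",
    "riskLevel": "MEDIUM",
    "estimatedTime": "10 minutes",
    "reversible": True,
    "downtime": False,
    "requiredPermissions": ["s3:PutBucketPolicy"],
    "steps": [
        {"action": "Apply restrictive bucket policy", "service": "s3",
         "method": "put_bucket_policy", "parameters": {"Bucket": "example-bucket"},
         "permissions": ["s3:PutBucketPolicy"]},
        {"action": "Enable public access block", "service": "s3",
         "method": "put_public_access_block", "parameters": {"Bucket": "example-bucket"},
         "permissions": ["s3:PutBucketPublicAccessBlock"]},
    ],
}

if __name__ == "__main__":
    for reason in review_plan(SAMPLE_PLAN, granted={"s3:PutBucketPolicy"}):
        print("REVIEW:", reason)
```

An empty result means the plan passed these checks only; it does not replace reading the steps before execution.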
Remediation Copilot
The copilot is an AI assistant that guides you through executing a remediation plan interactively. It explains each step, answers questions, provides CLI examples, and helps you validate actions as you complete them.
Starting a copilot session
POST /api/discovery/findings/{findingId}/start-copilot
This returns a sessionId. Use it to send messages:
POST /api/discovery/findings/execution-sessions/{sessionId}/message
{
  "message": "I don't have the s3:PutBucketPolicy permission. What should I do?"
}
The copilot maintains context across the conversation — it knows which steps you've completed and which are pending.
Copilot session fields
| Field | Description |
|---|---|
| sessionId | Copilot session identifier |
| findingId | The finding being remediated |
| plan | The remediation plan object |
| messages | Full conversation history |
| state | active, completed, or failed |
| hasCredentials | Whether AWS credentials are configured for this session |
Group Remediation
When multiple findings are related — for example, several S3 buckets with the same misconfiguration — you can remediate them together. Group remediation generates a single coordinated plan that addresses all findings at once, more efficiently than fixing each one individually.
# Generate a plan for a group of findings
POST /api/discovery/findings/bulk-generate-plan
{
  "findingIds": ["finding_abc", "finding_def", "finding_ghi"]
}
Group plans include coordinatedSteps — steps that address multiple findings simultaneously, reducing total execution time.
AI Dispatcher
With many open findings, the AI dispatcher helps you prioritize. It analyzes your full finding inventory and recommends:
- Groups — findings that should be fixed together
- Recommended order — execution sequence that minimizes risk and dependencies
- Quick wins — low-effort, high-impact fixes to do first
- Parallelization — which groups can be fixed simultaneously without conflict
GET /api/discovery/findings/remediation-recommendations
Tracking Progress
Finding remediation status is updated as execution proceeds:
# Get the current remediation plan for a finding
GET /api/discovery/findings/{findingId}/remediation-plan
The finding's remediationStatus field reflects the current state, and remediatedAt is set when the fix is marked complete.
Ignoring Findings
If a finding is a false positive or accepted risk, you can ignore it rather than remediate it. Ignored findings are removed from active counts but preserved in history with the reason recorded.
Next steps
- Discovery & Shadow AI — How findings are created
- Asset Management — Manage assets once findings are resolved
- Compliance Reporting — Track remediation progress in compliance reports