Back to Website
  1. Knowledge Base
  2. Reports
  3. Findings' Tags

Tag your findings

Vendela Engblom
Modified on: Mon, 18 Jan, 2021 at 2:58 PM

If you wish to create your own filter configurations based on (for example) custom tags, you can do this from the aggregated findings overview. For details, see this article.


To structure your work with security and remediation, you can tag your findings with three different tags: FixedAccepted risk, and False positive.

Fixed

If you have fixed a vulnerability, you can mark the finding as fixed. If we detect the same vulnerability in a future scan, it will still show up in the report, but it will be tagged. This tag can be useful if you’d like to track the findings you are working with.

Accepted risk

If you are aware of certain vulnerabilities, but don’t want them to be reported as findings every time you run a scan, you can mark them with “Accepted risk”. This way, you won’t be notified about the vulnerability again and it will not be included in the Findings Count.

While marking findings as accepted risk can be handy if you are certain that they are not significant for your site’s security, this tag should be used carefully. If you are unsure, we recommend you drop us a line at support@detectify.com and we will help you out.     


False positive

This is a finding that appears to be a vulnerability, but actually isn’t one. If you believe you have identified a false positive, go to Findings, expand the tab with the relevant finding and tag it as a “False Positive”. We do not get back to customers with the outcome of the FP review, however submitted reports are always reviewed by our Vulnerability Test Developers who add the updates to future module releases.


When you mark a vulnerability as a false positive, it will no longer show up when you run a scan, and will thus not be included in the Findings Count. 



Once you have tagged the findings, we attempt to identify the tags from previous reports and inherit them in upcoming ones (so that you do not have to re-tag the same finding as false positive, accepted risk etc). That means that we should not flag the vulnerability anymore, unless we find a new path with the same vulnerability which will affect the score again. 


Video Tutorial



© 2023 detectify | Go hack yourself.