The vulnerabilities page allows you to see all findings across any scan profiles you have. If you have Surface Monitoring enabled, those findings are shown as well.
The page includes simple filters that let you specify what you want to focus on, including level of severity, which domains you want to look at, and whether the findings were made in the past week or the past month. You can use the columns to sort your findings in the order that helps you best and even save your frequently used filters.
Tagging findings as False Positive, Accepted Risk or Fixed
Tags can be applied to both your Application Scan and your Surface Monitoring findings. You can also mark more than one type of finding as False Positive.
Marking a finding as a False Positive lets you send a report to our security researchers about why this particular test is a false positive in your environment. Our Security Team looks at the aggregated FP report data to implement module improvements.
The other two tags (Accepted Risk, Fixed) simply let you mark issues with statuses relevant to your workflow.
You can go back and view all your issues tagged with any of these by toggling the status view from "Open" to either of these statuses:
Saving a custom filter
1. Create and save your custom tags.
2. Filter the vulnerabilities based on your preferences (e.g. custom tags, severity, date the vulnerability was found).
3. To save your filter configuration, click on the bookmark icon to the right.
Since saved filters are shared within a team, your configurations will be available to all your team members.
Voila! You can now access the desired view by directly going to your saved filter configuration.
You can always delete and rename your saved filters from the settings view, accessible by clicking on the cogwheel icon in the top right corner.
To remove a tag from a finding, choose the finding, open the "Tag as" bookmark, remove the tag and click on "Apply".
FAQ:
1. Can I add custom tags on the Findings Page?
Custom tags can only be added from the aggregated Vulnerabilities Page. We are not planning to add this feature to the Findings Page; however, later this year we will most likely add support for custom tags in our public API.
2. Will my custom tags be visible in the Findings View as well?
No, custom tags are only visible on the Vulnerabilities Page; however, in the future they will also be available via our API.
Going forward, this page will evolve in a co-creation process with our customers. If you have any feedback, share it with us at support@detectify.com!