The Vulnerabilities page gathers and displays all findings from both the Surface Monitoring and the Application Scanning engines in one place, and provides a more holistic overview of the current status of your attack surface. From here you can view, sort, filter and export your findings.
You can use the columns to sort your findings in the order that helps you best. You can also move, resize, hide and pin columns so that you can focus on the data that is most important to you by dragging and dropping them where you want them, or clicking on the headers to hide or pin them.
The page includes filters that let you specify what you want to focus on, including level of severity, which domains you want to look at, and whether it was found in the past week or the past month. You can combine different filters to create a view of the most critical issues that you want to remediate, or all issues on a particular asset, etc.
Save filters for easy reporting
You can save filters and then export them for easy reporting, or for convenience if you know you always want to view your data the same way.
Tagging findings as False Positive, Accepted Risk or Fixed - or with your own tags
Tags can be applied to both your Application Scan as well as your Surface Monitoring findings. You can also mark more than one type of finding as False Positive.
Marking a finding as a False Positive lets you send a report to our security researchers about why this particular test is a false positive in your environment. Our Security Team looks at the aggregated FP report data to implement module improvements.
The other two tags (Accepted Risk, Fixed) are more of a function to let you mark up issues with statuses relevant to your workflow.
All the issues tagged with statuses as above are visible in the left-hand menu.
You can also tag issues with your own tags. You can go back and view all the issues you added tags to by filtering on the Tags column.
Frequently Asked Questions:
How do I sort the findings?
You can sort by all columns except the Asset column, and you sort by clicking the arrow that appears if you hover over the column name.
Can I select all of the vulnerabilities at once?
You can select all the vulnerabilities that are on the first page by clicking the checkbox at the top of the page. Increase the number of rows if you would like to select more than the default amount of vulnerabilities that are shown.
Will my saved filters still be in place?
When the saved filters functionality is implemented in the new table, you'll have to migrate your saved filters by yourself. If you need any help, please reach out to firstname.lastname@example.org.
How do filters work?
You use the filters by clicking on the three dots in a column or the Filter button on the right. You can combine several operators (like severity or asset) and select one or more parameters (like critical and high severity and three of your most important assets).
Can I change number of rows?
You can change the number of rows at the bottom of the page.
How do I move columns?
You drag and drop them where you want them.
Can I pin a column to the left or the right?
Yes, just click the three dot menu next to the column name and select "Pin to left" or "Pin to right".
The content looks too dense, can I change to a bigger and more spacious design?
Yes, by clicking the three dot menu in the top righthand corner and choosing a different display.
How do I export my results?
You click the three dot menu on the right, choose your format (currently .csv or json is available) and then click Create Export. When your export has been created, you can download it.
Are there going to be more changes in the future?
The table will change as we add more functionality and more security issues. The focus is to enable users with large attack surfaces to easily view, prioritise and export their data.
How do I send feedback if I want to suggest a new functionality or improvement?
I prefer the old table, can I still use that?
You can! It's available here