Asset Details - API Findings Tab

The API Findings tab provides a list of the vulnerabilities that have been identified for this API.

Field No. Field Name Description

1

Filter

Results on this page can be filtered to show only specific classes of vulnerabilities, specific ratings, or particular vulnerability statuses (e.g. open or closed).

2

Vulnerability List

For each vulnerability, the following is provided:

  • A unique Vuln ID that identifies that particular vulnerability

  • The vulnerability Rating (low, medium, high, or critical)

  • The vulnerability Class

  • The Status (open/closed) of the vulnerability. In the example screenshot, the finding also has a no access symbol beside Open, which means that the finding is open, but currently unreachable. To understand more about this status, please refer to Unreachable Findings.

  • The dates on which the vuln was Last Opened

  • The dates on which the vuln was Last Closed

  • The dates on which the vuln was Last Retested

  • If a retest is available, you can click on Retest for the specific vulnerability to retest it.

3a, 3b and 4

Vulnerability selection & Bulk Actions

Use the checkbox to the left of each vulnerability (3a) to select multiple vulnerabilities. Alternatively, to select all vulnerabilities in the list, use the master checkbox (3b). Then use the Bulk Actions (4) button to Retest Vulnerability, Customize Vulnerability or Change Vulnerability Status for all selected vulnerabilities.

5

Refresh Retest Status

Selecting Refresh Retest Status lets you check whether a previously requested retest has been completed.

6

Export CSV

You can export the information from the vulnerability list to a CSV file using this button.

7

Show CVSS Score

View your CVSS score here. For more details about CVSS scores, refer to CVSS.

8

Quick Actions

View Attack Vector information, view or add Vulnerability Tags and view or add Attack Vector Notes. For more details on these, please refer to the next section.

Quick Actions

Below each vulnerability you will see the "Quick Actions" that are available:

  • View attack vectors

  • View or add attack vector notes

  • View or add tags for this vulnerability

  • Customize Vulnerability

    1. Select Change Customization to create custom policies and apply them to individual assets.

    2. Select Accept vulnerabilities to hide the vulnerability from all findings and scan results, or select Remove customizations to accept the original vulnerability rating and clear any custom ratings.

    3. Select the Risk Rating you want the vulnerability to be classed under.

    4. Customize the CVSS criteria by selecting the appropriate radio button for each section.

    5. Optionally, add a reason for the customization in the text field.

    6. To keep all customizations made to the vulnerability, select Save.