The Vulnerabilities page gathers and displays all findings from both the Surface Monitoring and the Application Scanning engines in one place and provides a more holistic overview of the current status of your attack surface.
From here, you can view, sort, filter, and export your findings. Vulnerabilities are listed alongside key information such as the vulnerability name, the affected endpoint, the CVSS score, and the associated severity. While the CVSS score is a helpful indicator, we understand that risk assessment can't rely solely on this metric.
The status column indicates whether a vulnerability is active, a regression, or something else, which you can discover by exploring further. The "Asset" column shows the apex domain associated with each vulnerability. You have the option to tag vulnerabilities with custom labels for easier tracking or reminders.
The "Scan Source" reveals whether the vulnerability was detected through Surface Monitoring or Application Scanning, and "Last Seen" and "First Found" dates offer temporal insights into each vulnerability's discovery and recurrence.
Columns
You can use the columns to sort your findings in the order that helps you best. You can also move, resize, hide, and pin columns to focus on the data that is most important to you by dragging and dropping them where you want them or clicking on the headers to hide or pin them.
Filters
The page includes filters that let you specify what you want to focus on, including level of severity, which domains you want to look at, and whether it was found in the past week or the past month. You can combine different filters to create a view of the most critical issues that you want to remediate, or all issues on a particular asset, etc.
Save filters for easy reporting
You can save filters and export them for easy reporting or convenience if you know you always want to view your data the same way.
Tagging findings as False Positive, Accepted Risk, or Fixed - or with your own tags
Tags can be applied to your Application Scan and your Surface Monitoring findings. You can also mark more than one type of finding as False Positive.
Marking a finding as a False Positive lets you send a report to our security researchers about why this particular test is a false positive in your environment. Our Security Team looks at the aggregated FP report data to implement module improvements.
The other two tags (Accepted Risk, Fixed) are more of a function to let you mark up issues with statuses relevant to your workflow.
All the issues tagged with statuses as above are visible in the left-hand menu.
You can also tag issues with your own tags. You can go back and view all the issues you added tags to by filtering them in the Tags column.
Frequently Asked Questions:
How do I sort the findings?
You can sort by all columns except the Asset column, and sort by clicking the arrow that appears if you hover over the column name.
Can I select all of the vulnerabilities at once?
You can select all the vulnerabilities on the first page by clicking the checkbox at the top of the page. Increase the number of rows if you would like to select more than the default number of vulnerabilities shown.
Will my saved filters still be in place?
When the saved filters functionality is implemented in the new table, you'll have to migrate your saved filters by yourself. If you need any help, please reach out to support@detectify.com.
How do filters work?
You use the filters by clicking the three dots in a column or the Filter button on the right. You can combine several operators (like severity or asset) and select one or more parameters (like critical and high severity and three of your most important assets).
Can I change the number of rows?
You can change the number of rows at the bottom of the page.
How do I move columns?
You drag and drop them where you want them.
Can I pin a column to the left or the right?
Yes, just click the three dot menu next to the column name and select "Pin to left" or "Pin to right".
The content looks too dense. Can I change to a bigger and more spacious design?
Yes, by clicking the three dot menu in the top righthand corner and choosing a different display.
How do I export my results?
You click the three dot menu on the right, choose your format (currently .csv or json is available) and then click Create Export. You can download your export when it has been created.
Are there going to be more changes in the future?
The table will change as we add more functionality and security issues. The focus is on enabling users with large attack surfaces to easily view, prioritize, and export their data.
How do I send feedback if I want to suggest a new functionality or improvement?
Email support@detectify.com.
I prefer the old table, can I still use that?
You can! It's available here