Managing Findings

Effectively managing vulnerability findings is crucial for improving your security posture. This guide covers the complete findings workflow.

Findings Overview

Each finding includes:

Severity Rating

Critical, High, Medium, Low, Informational

Vulnerability Type

Category (XSS, SQLi, IDOR, etc.)

Evidence

Screenshots, requests, payloads

Remediation

Step-by-step fix guidance

Severity Levels

Level	Description	SLA Recommendation
Critical	Immediate exploitation risk, data breach potential	Fix within 24 hours
High	Significant security impact	Fix within 7 days
Medium	Moderate risk with mitigating factors	Fix within 30 days
Low	Minor security concern	Fix within 90 days
Informational	Best practice recommendations	Review at discretion

Finding Details

Summary

Brief description of the vulnerability and its impact.

Technical Details

Affected endpoint
Vulnerable parameter
Attack payload used
Request/response data

Proof of Concept

Working exploit demonstrating the vulnerability:

curl -X POST 'https://example.com/api/users' \
  -d "id=1' OR '1'='1"

Business Impact

Analysis of how this vulnerability affects your business:

Data exposure risk
Compliance implications
Reputation impact

Remediation Steps

Specific guidance for fixing the vulnerability with code examples.

Workflow States

New

Newly discovered vulnerability awaiting review.

Confirmed

Validated by team, acknowledged as genuine issue.

In Progress

Fix is being developed.

Fixed

Remediation deployed, awaiting verification.

Verified

Retest confirmed the fix is effective.

Filtering Findings

Use filters to focus on what matters:

# Filter examples
severity:critical,high
status:new,confirmed
target:production-app
type:injection
discovered:this-week

Bulk Operations

Manage multiple findings at once:

Bulk Status Update: Move multiple findings to new state
Bulk Assignment: Assign to team member
Bulk Export: Download selected findings
Bulk Ignore: Mark false positives

Use bulk ignore carefully. Document reasons for ignoring findings.

Retesting

After applying fixes:

Mark finding as Fixed
Click Request Retest
AI agent verifies the fix
Finding moves to Verified or returns to Confirmed

Automated retesting runs during each assessment to catch regressions.

False Positives

If a finding is not a genuine vulnerability:

Click Mark as False Positive
Add justification explaining why
Finding is excluded from future reports
AI learns from feedback to reduce similar false positives

Integration with Issue Trackers

Export findings to:

Jira
GitHub Issues
GitLab Issues
Linear
Custom webhooks

Configure integrations in Settings → Integrations.

Next Steps

Generate Reports

Create stakeholder-ready documentation.

API Reference

Automate findings management via API.

Getting Started

Guides

Integrations

Findings Overview

Severity Rating

Vulnerability Type

Evidence

Remediation

Severity Levels

Finding Details

Workflow States

Filtering Findings

Bulk Operations

Retesting

False Positives

Integration with Issue Trackers

Next Steps

Generate Reports

API Reference

Getting Started

Guides

Integrations

​Findings Overview

Severity Rating

Vulnerability Type

Evidence

Remediation

​Severity Levels

​Finding Details

​Workflow States

​Filtering Findings

​Bulk Operations

​Retesting

​False Positives

​Integration with Issue Trackers

​Next Steps

Generate Reports

API Reference

Findings Overview

Severity Levels

Finding Details

Workflow States

Filtering Findings

Bulk Operations

Retesting

False Positives

Integration with Issue Trackers

Next Steps