
Vulnerabilities overview

This document is for:
Invicti Platform

This document explains the information found on the Vulnerabilities page.

Information available on the Vulnerabilities page

This section describes each of the fields you can view on the Vulnerabilities page. There are two types of view: by Type and by Vulnerability. Use the former to group all vulnerabilities by type, across all the target scans. Use the latter to see every vulnerability individually, across all the target scans. Click the Columns button to choose which columns are visible.

View by Type

Found vulnerabilities in Invicti Platform displayed using View by Type.

Vulnerability type

Shows the type of the vulnerability found. Click the arrow by the vulnerability type name to show all occurrences of the vulnerability across all scans and further details: file/URL, target, source, status, confidence, last seen, first seen, and tags. For more information regarding the details, refer to the View by Vulnerability section.

Severity

Shows the severity level of the found vulnerability: critical, high, medium, low, or informational.

Source

Displays how the vulnerability was identified - either through DAST, SAST, SCA or Container Security scan results.

Occurrences

Displays the number of occurrences of each vulnerability across all scans.

MTTR

Mean time to remediate the vulnerability type.

First seen

Lists the date and time at which Invicti first identified the vulnerability.

Last seen

Lists the date and time at which Invicti last identified the vulnerability.

View by Vulnerability

Found vulnerabilities in Invicti Platform shown using View by Vulnerability.

Vulnerability

The name of each vulnerability identified by Invicti Platform, with an icon showing its severity level: critical, high, medium, low, or informational.

File/URL

The file or URL where the vulnerability was identified.

Asset

Name of the target and environment type where the vulnerability was identified.

Source

Displays how the vulnerability was identified - either through DAST, SAST, SCA or Container Security scan results.

Status

The status of the vulnerability can be: Open, Fixed, Ignored, Rediscovered, or False Positive.

Confidence

Lists the confidence level, showing how certain Invicti Platform or the SAST integration is about the vulnerability it identified.

Last seen

Lists the date and time at which Invicti last identified the vulnerability.

First seen

Lists the date and time at which Invicti first identified the vulnerability.

Tags

Lists the tags you assigned to the vulnerability.

Vulnerability actions

Export

Lets you export vulnerability information to a file in .csv, .json, or .xml format.

Bulk actions

After you select the checkboxes next to multiple vulnerabilities, the Bulk action button lets you select an action:

Filtering vulnerabilities

You can filter vulnerabilities by applying one or more filters. The available filter options differ depending on the selected view:

  • CWE or Common Weakness Enumeration.
  • Threat severity: critical, high, medium, low, information.
  • Source: DAST, SAST, SCA or Container Security scan.
  • URL: the reference to the resource that contains the issue.
  • Occurrences: number of occurrences.
  • Status of the vulnerability: false positive, fixed, ignored, open, rediscovered.
  • Vulnerability: name of the vulnerability.
  • Confidence: the certainty with which Invicti Platform or SAST integration identified the vulnerability.
  • Tags: tags assigned to the vulnerability.
  • First seen: date when the vulnerability was first identified.
  • Last seen: date when the vulnerability was last identified.