Viewing Issues in Invicti Enterprise

The Issues window displays lists of vulnerabilities detected in scans run by your entire team. You can get an overview of Issues that have been assigned to you, those that are awaiting a Retest, and those that are Addressed.

Issues ToDo Screen

Administrators and project managers benefit from an overview of all Issues, including the current State of each Issue and to whom it has been assigned.
You can send any issue to an issue tracking system that you integrated with Invicti.
You can see details of the HTTP Request and Response of an Issue.
You can update an issue details, such as Fixed(Unconfirmed) and Accepted Risk.

For further information, see Managing Issues in Invicti Enterprise.

You can also view issues using the Issues API Endpoints, enabling you to easily integrate with other applications or internal systems. You can now use the API Endpoints to view the following:

Addressed Issues list

All Issues list

Issues by Id list

Report of Issues in CSV format

To Do list

Waiting for Retest list

For further information, see API Documentation.

Issues lists

This table lists and explains the lists available from the submenus in the Issues window.

List	Description
To Do	This window displays a list of all the Issues that have been assigned to you. You can take action by fixing them, assigning them to someone else or changing their status. The number next to the menu name indicates how many outstanding items you have on your To-Do list. In the Status column for each newly identified vulnerability, it will read Present. Once you click Retest, it will change to Fixed (Unconfirmed).
Waiting for Retest	This window displays a list of all Issues whose State has been updated to Fixed (Unconfirmed). They are waiting to be tested automatically by Invicti Enterprise.
Addressed Issues	This window displays a list of all the Issues that have been addressed and whose State has been updated to one of the following: Accepted Risk: Indicates that the Issue has been considered and is marked as a low risk vulnerability False Positive: Indicates that the Issue has been considered and is marked as not a genuine vulnerability Fixed (Confirmed): Indicates that the Issue has been fixed and confirmed by Invicti Enterprise, and so requires no further action Users with Manage Issues (Restricted) permission can only mark an Issue’s state as 'Fixed (Confirmed)'.
All Issues	This window displays a list of all Issues detected in scans run by your entire team. The entire team can view all Issues in a scan report, even if they only have the Manage Issues (Restricted) permission.

Issue page fields

This table lists and explains the fields listed in the Issues window's columns and in an individual Issue page.

Field	Description
Title/Issue	This is the name of the vulnerability, such as Internal Server Error. Some issues are grouped, meaning they are reported only once per website. This help text is displayed in the Details window.
Severity	This is the vulnerability severity level. The options are: Critical High Medium Low Information Best Practice For further information, see Vulnerability Severity Levels.
Website Group/ Website	This is the name of the scanned website.
URL/ Issue URL	This is either the website address of the scanned website or the URL of the detected issue.
First Seen	This is the date and time the issue was first detected.
Last Seen	This is when the issue was most recently detected.
Tags	This is the label given to an issue to group and/or give additional context. For further information, see Tagging issues in Invicti Enterprise.
Assignee	This is the name of the person who has been assigned the task. It may be: The Technical Contact for the scanned website The Team Member who initiated the scan Any other member of the team
Status	This indicates the current status of the issue. All Issues are initially marked as Present. Present– This indicates that the Issue has been present. Accepted Risk– This indicates that the Issue has been considered and is marked as a low risk vulnerability. False Positive– This indicates that the Issue has been considered and is marked as not a genuine vulnerability. Fixed (Unconfirmed)– This indicates that the Issue has been fixed but not confirmed by Invicti Enterprise. Fixed (Confirmed)– This indicates that the Issue has been fixed and confirmed by Invicti Enterprise, and so requires no further action. Fixed (Can't Retest)– This indicates that the Issue has been found but Invicti cannot retest to confirm whether the Issue has been fixed or not. Ignored– This indicates that the Issue was ignored by the user. In Invicti Enterprise, to ignore an issue, you update its status as "accepted risk". Revived– This indicates that the issue had been fixed in previous scans but revived again. Scanning– This indicated that Invicti has been scanning the vulnerability. For further information, see Addressed Issues and Issue Lifecycle.

Column Filters

All columns can be filtered, using a highly customisable combination of Fields, Operators, and Values. Each is explained below. This is useful for teams that manage the security of many websites.

Filters & Values

This table lists the filters and values available for columns listed above. Select an option to filter the list by that criterion.

In many cases, values can be entered into the value field; in others, the value can be selected from a drop-down menu.
You can enter more than one filter at a time.

Field	Description	Value
Title	Select to filter issues by their title.	Enter a value.
Severity	Select to filter issues by the severity.	The drop-down options are: (Not Set) Critical High Medium Low Information Best Practice
Website Group	Select to filter issues by the website group.	Enter a value.
Website	Select to filter issues by the website.	Enter a value.
First Seen	Select to filter issues by the first seen date.	Select a date.
Last Seen	Select to filter issues by the last seen date.	Select a date.
Tags	Select to filter issues by tags.	Enter a value.
Assignee	Select to filter issues by the assignee.	Enter a value.
Status	Select to filter issues by their status.	The drop-down options are: (Not Set) Accepted Risk False Positive Fixed (Unconfirmed) Fixed (Confirmed) Fixed (Can't Retest) Ignored Revived Scanning
State	Select to filter issues by their state.	The drop-down options are: (Not Set) New Not Found Not Fixed Fixed Revived
Opened By	Select to filter issues by their opened date.	Select a date.
Addressed	Select to filter issues by their state which indicates whether issues have been addressed or not.	The drop-down options are: (Not Set) Yes No

Operator

This table lists and explains the Operators available for filtering columns. They work in conjunction with the Field, Operator, and Value.

Operator	Description
Equal	This operator can be used for exact matching.
Not Equal	This operator can be used to exclude some results based on exactly matching.
Contains	This operator can be used to include results if the filtered column contains the value.
Not Contains	This operator can be used to exclude certain results.
Starts with	This operator can be used to filter for columns that begin with the value.
Ends with	This operator can be used to filter for columns that end with the value.
Less than	This operator can be used to filter columns that contain numeric and date time values rather than string values.
Less than or equal	This operator can be used to filter columns that contain numeric and date time values rather than string values.
Greater than or equal	This operator can be used to filter columns that contain numeric and date time values rather than string values.
Greater than	This operator can be used to filter columns that contain numeric and date time values rather than string values.