Findings Components

By breaking away from traditional report-first workflows, findings are managed independently at the client and tenant levels, enabling teams to track, analyze, and remediate vulnerabilities more effectively.

The Findings module consists of two tabs: Findings and Instances.

A finding represents a unique vulnerability occurrence for a specific client, while an instance represents each specific occurrence of that finding on a single asset.

Findings Tab

The findings tab displays client-level findings, deduplicated by source and title, providing a view of unique organizational issues. A user needs authorization for every client to see all findings across the tenancy.

Findings Overview Section

The Findings overview section provides a consolidated view of findings and is updated hourly. It includes analytics to understand progress, such as findings by severity and a breakdown of total open findings, so users can determine what to work on next. The data can be filtered by date values and client(s).

Findings Inventory Section

The findings inventory list displays all client-level findings in one place, deduplicated by source and title. A user needs authorization for every client to see all findings across the tenancy.

Instances Tab

A finding is a unique vulnerability within a client, while an instance is a specific occurrence of that finding on a single asset.

To illustrate:

Findings Tab: If a "Wireless Data Extraction" vulnerability exists, it is counted as one finding for each unique client where it occurs, provided the source and title are also unique. If a user has authorization to view all clients, they will see every unique vulnerability across the entire organization.
Instances Tab: When a user clicks on the "Wireless Data Extraction" finding and views its instances, they will see a list of all unique assets affected by that vulnerability. For example, if the vulnerability impacts three different assets, the page will display three instances, each representing the occurrence of the vulnerability on a specific asset.

A finding will always have one or more instances, while an instance will only have one finding.

Instances Overview Section

The Instances overview section provides a snapshot of instances by status, score, and assignee, enabling users to analyze and organize finding data efficiently. The container can be collapsed by clicking the arrow at the top right.

Instances Inventory Section

The instances table provides a detailed breakdown of specific vulnerabilities or issues across an organization's assets. Each instance represents a unique finding on a single asset, offering granular visibility into where and how often an issue appears.

Findings are deduplicated at a higher level, while instances show the exact scope of the problem across multiple assets, helping to determine whether an issue is widespread or isolated. Additionally, the table tracks when vulnerabilities were first detected, offering historical context for assessing how long issues have persisted.

Last updated 1 year ago

Was this helpful?

hashtagFindings Tab

hashtagFindings Overview Section

hashtagFindings Inventory Section

hashtagInstances Tab

hashtagInstances Overview Section

hashtagInstances Inventory Section