
This page details how to manually map unmapped Findings in ThreadFix.

📙 You will learn

How to map unmapped vulnerability findings.

Prerequisites

Audience: IT Professional or End User
Difficulty: Basic
Time needed: Approximately 5 minutes
Tools required: N/A

Introduction

Occasionally, users will upload a scan file with vulnerabilities into ThreadFix and find that no Findings seem to have been uploaded into the system. How can this be, when you know your scan file had vulnerabilities listed in it? This occurs when none of those vulnerabilities could be mapped to a CWE. In this scenario, you'll notice that you have

CWE Mappings

CWE Mappings allows users with the Manage Vulnerability Types permission to manually map scanner vulnerability types to CWE IDs. Unmapped Findings can be addressed from within an application’s details page through the Unmapped Types tab, or through the CWE Mappings tab of the Scanner Vulnerability Types page.

Unmapped Types Tab

In the following example, note the items listed under the Unmapped Types tab on the application’s details page, as highlighted below. These are the Findings generated by ThreadFix that have yet to be mapped to a CWE ID.

CWE Mappings tab

To access CWE Mappings, users should expand the Application menu followed by expanding the Customize sub-menu and selecting the Scanner Vulnerability Types page. From this page the CWE Mappings tab contains the mapping options.

Select the CWE Mappings tab to display the Unmapped Scanner Vulnerability Types. The following example displays the unmapped vulnerability types that remain after a scan has been uploaded to an application.


Create Mappings

Note

The following functionality requires the user to have the ‘Manage Vulnerability Types’ permission at the global role level, since the CWE mapping needs to be applied to all vulnerabilities that have findings with the same scanner vulnerability type across your entire portfolio of teams/apps.

  1. To manage unmapped vulnerabilities, first select the desired scanner type to map and click the Create Mapping link. This opens the Create Mapping modal. The scanner type can also be expanded to view its details; clicking the View Finding link redirects to the Finding Details page, whose Edit CWE Mapping button provides the same mapping function.
  2. From the Create Mapping modal, begin entering the CWE ID or CWE description that matches the Finding vulnerability type into the entry field and select the desired CWE, then click the Create Mapping button. The finding now shows up under the application’s Vulnerabilities tab.
  3. The scanner vulnerability type will now be added to the list of Custom Scanner Vulnerability Type Mappings. The Edit Mapping link brings up the Create Mapping modal so that the type can be remapped.
  4. Clicking the View History link displays a Mapping History modal.
  5. Continue mapping the remaining types until you have completed the list.

From the top of the CWE Mappings tab, mapped and unmapped type reports can be exported by email with their respective buttons.

Additionally, users can also map findings from within an application or team by selecting the Customize ThreadFix Vulnerability Types and Severities option from the Action drop-down menu. For more information, please see the Customizing ThreadFix Vulnerability Types guide.

Info

Remapping a Vulnerability is deprecated as of version 2.8.4.
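The procedure above rests on one rule worth seeing in code: a Finding is only visible as a Vulnerability once its scanner vulnerability type has a CWE mapping, and a mapping is keyed on the scanner type, not on the individual Finding, so one Create Mapping (or a later Edit Mapping) re-classifies every Finding of that type across every application in the portfolio. This is why the permission is granted at the global role level. The following model is an added example and is not ThreadFix code; the `MappingStore`, `Finding` and `apply_mappings` names, the scanner name `ExampleScanner`, and the sample findings are all constructed for illustration.

```python
"""Illustrative model of scanner-type -> CWE mapping (not ThreadFix's own code)."""
from collections import Counter, defaultdict
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Finding:
    app: str                  # application the scan was uploaded to
    scanner: str              # scanner that produced the finding
    vuln_type: str            # the scanner's own vulnerability type label
    path: str
    cwe: Optional[int] = None  # filled in by apply_mappings once a mapping exists


@dataclass
class MappingStore:
    """Custom scanner vulnerability type mappings plus a change history
    (the equivalent of the CWE Mappings tab and its Mapping History modal)."""
    mappings: dict = field(default_factory=dict)  # (scanner, vuln_type) -> CWE id
    history: list = field(default_factory=list)   # one record per create/edit

    @staticmethod
    def key(scanner: str, vuln_type: str) -> tuple:
        # Normalise case and whitespace so "SQL Injection" and "sql injection "
        # from the same scanner share a single mapping.
        return (scanner.strip().lower(), " ".join(vuln_type.split()).lower())

    def create_mapping(self, scanner: str, vuln_type: str, cwe: int, user: str):
        """Create or edit the mapping for a scanner type; returns the previous CWE (None if new)."""
        k = self.key(scanner, vuln_type)
        previous = self.mappings.get(k)
        self.mappings[k] = cwe
        self.history.append({"scanner": k[0], "vuln_type": k[1],
                             "from": previous, "to": cwe, "user": user})
        return previous

    def lookup(self, scanner: str, vuln_type: str) -> Optional[int]:
        return self.mappings.get(self.key(scanner, vuln_type))


def apply_mappings(findings, store: MappingStore):
    """Split findings into those that become Vulnerabilities (mapped) and a count of
    findings per still-unmapped (scanner, type), i.e. the Unmapped Types view."""
    mapped = []
    unmapped = Counter()
    for f in findings:
        cwe = store.lookup(f.scanner, f.vuln_type)
        if cwe is None:
            unmapped[store.key(f.scanner, f.vuln_type)] += 1
        else:
            f.cwe = cwe
            mapped.append(f)
    return mapped, unmapped


def vulnerabilities_by_app(mapped):
    """What each application's Vulnerabilities tab would list: (CWE, path) pairs."""
    out = defaultdict(list)
    for f in mapped:
        out[f.app].append((f.cwe, f.path))
    return dict(out)


def sample_findings():
    # Constructed scan results: two applications, one scanner, two scanner types.
    return [
        Finding("payments", "ExampleScanner", "SQL Injection", "/api/pay"),
        Finding("payments", "ExampleScanner", "Reflected Parameter Echo", "/api/refund"),
        Finding("portal", "ExampleScanner", "sql injection ", "/login"),
        Finding("portal", "ExampleScanner", "Reflected Parameter Echo", "/profile"),
    ]


def demo():
    store = MappingStore()
    # One scanner type is already mapped (CWE-89, SQL injection); the other is not.
    store.create_mapping("ExampleScanner", "SQL Injection", 89, "admin")
    findings = sample_findings()
    mapped, unmapped = apply_mappings(findings, store)
    before = (len(mapped), dict(unmapped))  # two findings invisible until mapped

    # A single Create Mapping for the scanner type covers both applications at once.
    store.create_mapping("ExampleScanner", "Reflected Parameter Echo", 79, "admin")
    mapped, _ = apply_mappings(findings, store)
    after = vulnerabilities_by_app(mapped)

    # Edit Mapping: remapping the type returns the previous CWE and is recorded in history.
    previous = store.create_mapping("ExampleScanner", "Reflected Parameter Echo", 80, "admin")
    return before, after, previous, store.history


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Running `demo()` shows the two unmapped findings vanish from the Vulnerabilities view until the type is mapped, then appear under both applications from one mapping, and the history carries the `from`/`to` CWE of each edit, which is what a reviewer would check before trusting a portfolio-wide remap.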
