As we reach the end of September 2024, ThreadFix version 3.x on-premises has officially reached its End-of-Life. Therefore, there is no longer support or updates for this version of the product. We have fully transitioned our product and development teams to focus ThreadFix SaaS and migrating all customers over from the on-premises versions. Our Customer Success and Support teams are here to help you in migrating to ThreadFix SaaS and maximizing the value you see from this improved offering from Coalfire. This is the next phase of ThreadFix and our team is looking forward to continuing to support you on this journey.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

📙 You will learn

How to view Global, User, Team, Application, and Vulnerability history.

Prerequisites

Audience: IT Professional or End User
Difficulty: Basic
Time needed: Approximately 5 minutes
Tools required: N/A

History

The History page is a log of ThreadFix events and actions users have performed. Recording changes provides a powerful tool for managers and administrators, giving them an audit trail for each vulnerability and user. History views are role-based, so users with permissions to view one team will only see the history for that team’s applications.

Global History

To view the complete history for a ThreadFix instance, along with a Login History list, click the Help icon, then select History.

This is a record of all logged ThreadFix events, from all users, vulnerabilities and applications, filtered according to the role of the viewing user. Users will only see entries for applications and teams they have permissions to view.

User History

As detailed in the Manage Users guide, there is a user History section in the Identity Management page’s Manage Users tab. The view presented here differs from the Global History view in that this view is a record of a particular user’s activity. Only the teams, applications and scans that the user has performed some action with appear here. In the example below the user reflected in the history is named “user”.

Team History

Within each team’s details' page is the History tab. The History tab contains a log of ThreadFix events that affected the team's applications. Note that members of a team may not necessarily have permissions for all applications managed by that team; only the applications a user has permissions for will appear for that user.

Application History

The Application Details pages also have a History tab. Within each application’s details page is the History tab. The data displayed here is limited to events involving the chosen application and its managing team.

Vulnerability History

Vulnerabilities can also display pertinent history.

  1. To see a vulnerability’s history, navigate to the application’s details page and scroll down to the vulnerability tree. Expand a selected node. Within each vulnerability, is a View More link.

  2. Click the View More link which opens to the details page for that vulnerability. At the bottom of that page, is the history for that vulnerability.

Event Logging

The following are the events ThreadFix displays on the individual History pages.

Global History Events

Global events shown include:

  • Creation or modification of an application

  • Deletion or uploading of scans

  • Opening, closing, editing or commenting on vulnerabilities

  • Submitting, closing or updating the status of a defect

  • Change in policy status

User History Events

User events shown include:

  • Creation or modification of an application

  • Deletion or uploading of scans

  • Opening, closing, editing or commenting on vulnerabilities

  • Submitting, closing or updating the status of a defect

  • Change in policy status

Team History Events

Application events shown include:

  • Creation or modification of an application

  • Deletion or uploading of scans

  • Opening or closing vulnerabilities

  • Change in policy status

Application History Events

Application events shown include:

  • Creation or modification of an application

  • Deletion or uploading of scans

  • Opening, closing, editing or commenting on vulnerabilities

  • Submitting, closing or updating the status of a defect

  • Change in policy status

Vulnerability History Events

Vulnerability events shown include:

  • Opening, closing, editing or commenting on vulnerabilities

  • Submitting, closing or updating the status of a defect

Table of Contents

  • No labels