As we reach the end of September 2024, ThreadFix version 3.x on-premises has officially reached its End-of-Life. Therefore, there is no longer support or updates for this version of the product. We have fully transitioned our product and development teams to focus on ThreadFix SaaS and on migrating all customers over from the on-premises versions. Our Customer Success and Support teams are here to help you in migrating to ThreadFix SaaS and maximizing the value you see from this improved offering from Coalfire. This is the next phase of ThreadFix and our team is looking forward to continuing to support you on this journey.


Introduction

Reporting in ThreadFix provides the ability to view application vulnerability data from many different angles. There are several different report types, each with its own filter set. These filters include limiting the view of data by date range, merged vulnerabilities, and various other metrics that allow users to control the visualization of application vulnerability data. Reports can be exported in various formats, such as PDF, CSV and SSVL. This allows for easy sharing of vulnerability data amongst teams and stakeholders. The following is a breakdown of each report and the data it displays.

Vulnerability Search Report


The Vulnerability Search allows users to filter and explore specific vulnerabilities. Details are provided regarding where these vulnerabilities arose, what scanner detected them, the criticality of the vulnerabilities, and more.

Users can filter this report by Teams, Applications, Application Tags, Scanners, Number of Merged Findings, Defects, Aging, and Vulnerability Details. ThreadFix can export this report as a CSV or SSVL.

Filtering Details

Scope

  • Teams - Input field that allows users to include any desired teams into the report

  • Applications - Input field that allows users to include any desired applications into the report

  • Unique ID - Input field for a unique ID, which is an alternate identification name for an application created by the user.

Tag - Input field that allows users to include in the report any created tags that have been associated with an application.

Vulnerability Detail - Checkboxes divided into two categories, Severity and Other. The Severity options can be selected to include the desired vulnerability severity levels in the report, ranging from the most severe level of Critical down to the least severe level of Unassigned. The Other options are the following:

  • Total - Providing a total count of vulnerabilities

  • Old - Based on vulnerabilities that were identified and have remained open since the last scan

  • New - Based on vulnerabilities that have recently been identified in the most recent scan

  • Resurfaced - Based on vulnerabilities that were closed but have been reopened

  • Closed - Vulnerabilities that have been resolved and marked as closed

  • Hidden - Vulnerabilities that have been chosen to be hidden by the user. Note: though hidden, these are still ingested unless they have been set to be excluded per scanner.

 

Time - Users can select from available preset ranges of time such as Last Quarter, Last Year, or Forever. Also available is a calendar select input field allowing for a custom range of time to be set.
