As we reach the end of September 2024, ThreadFix version 3.x on-premises has officially reached its End-of-Life. Therefore, there is no longer support or updates for this version of the product. We have fully transitioned our product and development teams to focus on ThreadFix SaaS and on migrating all customers over from the on-premises versions. Our Customer Success and Support teams are here to help you migrate to ThreadFix SaaS and maximize the value you see from this improved offering from Coalfire. This is the next phase of ThreadFix, and our team is looking forward to continuing to support you on this journey.
Customizing Scanner Severities 3.0
You will learn
How to customize ThreadFix severity mappings as well as create and edit scanner result suppression rules.
Prerequisites
Audience: IT Professional, or End User
Difficulty: Basic
Time needed: Approximately 10 minutes
Tools required: N/A
ThreadFix has a set of predefined mappings from scanner severities to ThreadFix severities. Users can edit any ThreadFix severity mapping on the Customize Scanner Severities page.
ThreadFix Severity Mappings
To customize ThreadFix Severity Mappings, first expand the Application menu on the Navigation sidebar. Click to expand the Customize sub-menu and select Scanner Severities. The page defaults to the ThreadFix Severity Mappings tab and initially displays a list of supported scanners. Next to each scanner is an arrow toggle button. The Expand All and Collapse All buttons open or close the toggled view for all scanners at once.
Click the arrow next to a chosen scanner to see the predefined ThreadFix mappings.
After opening the predefined mapping for the chosen scanner (in this example, Fortify SCA was chosen; note its Generic Severity level), select the Generic Severity from the drop-down menu next to each Scanner Severity to change what that scanner severity maps to.
Here, the administrator has decided to remap Fortify SCA’s Code Quality severity to the ThreadFix Info level.
Users can remap multiple scanner severities at the same time. When finished remapping scanner severities, click the Update button. A success message displays the number of updated scanner severities, along with a note saying that ThreadFix is updating all affected vulnerabilities in the background.
Exclude Severities
In addition to remapping scanner severities, users can exclude them from being processed at all, to save resources. For example, if a user does not want Low or Note findings from Contrast to be saved into the ThreadFix database and processed, exclude them, as shown below. In the following example, Low and Note finding data from Contrast will not be added to the ThreadFix database, saving resources. Note that excluded findings are discarded at import time, so they cannot be recovered later without rescanning.
Suppress Scanner Results
From the Suppress Scanner Results tab, users can create rules that suppress certain scanner results. This differs from exclusions, shown above, in that the findings are still ingested and processed by ThreadFix; they are simply not shown or counted.
From the Customize Scanner Severities page, click on the Suppress Scanner Results tab. In the following example, the user has not yet created any rules.
Click the Create New Rule button. This brings up a modal dialog with drop-downs for choosing the scanner and the level of severity to suppress. Click the Create Filter button. The dialog closes and a success message displays. All Info and Code Quality level vulnerabilities from Fortify SCA are now suppressed.
To edit or remove the rule, click the Edit/Delete button. This brings up a modal dialog that allows the user to change the level of severity to suppress, or to delete the rule entirely. Editing the rule and clicking Save Edits results in a success message.
When choosing to delete the rule, a browser dialog prompts the user to confirm that they want to delete the rule. Click OK, and a success message appears.
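The three mechanisms described on this page (remapping a scanner severity to a generic severity, excluding a scanner severity before it is stored, and suppressing stored findings so they are not shown or counted) are easy to confuse. The following Python model, added here as an illustration and not ThreadFix's own code or API, applies all three in the order the page describes and shows how the resulting counts differ. The Fortify SCA "Info" and "Code Quality" labels and the Contrast "Low" and "Note" labels come from the page; every other severity label, rule and finding is a constructed sample, and the assumption that a suppression rule is keyed on the scanner's own severity label is mine.

```python
from dataclasses import dataclass

# Generic (ThreadFix) severity levels used for counting. Constructed sample.
GENERIC_LEVELS = ["Critical", "High", "Medium", "Low", "Info"]

# Per-scanner mapping: scanner severity -> generic severity.
# Only "Info"/"Code Quality" (Fortify SCA) and "Low"/"Note" (Contrast)
# appear on the page; the remaining labels are illustrative.
SEVERITY_MAPPINGS = {
    "Fortify SCA": {
        "Critical": "Critical",
        "High": "High",
        "Medium": "Medium",
        "Low": "Low",
        "Info": "Info",
        "Code Quality": "Info",  # remapped by the admin, as in the walkthrough
    },
    "Contrast": {
        "Critical": "Critical",
        "High": "High",
        "Medium": "Medium",
        "Low": "Low",
        "Note": "Info",
    },
}

# Exclusion rules: (scanner, scanner severity) pairs dropped at import time.
# These findings never reach the database.
EXCLUSIONS = {("Contrast", "Low"), ("Contrast", "Note")}

# Suppression rules: (scanner, scanner severity) pairs that are stored and
# processed but hidden from views and counts. Assumption: keyed on the
# scanner's own severity label.
SUPPRESSIONS = {("Fortify SCA", "Info"), ("Fortify SCA", "Code Quality")}


@dataclass
class Finding:
    scanner: str
    scanner_severity: str
    title: str
    generic_severity: str
    suppressed: bool


def ingest(raw_findings):
    """Apply exclusions, then severity mappings, then suppression rules.

    raw_findings: iterable of (scanner, scanner_severity, title) tuples.
    Returns the list of Finding objects that would be stored.
    Raises ValueError for a scanner severity with no mapping, so an
    unexpected label from a scanner is noticed rather than silently dropped.
    """
    stored = []
    for scanner, sev, title in raw_findings:
        if (scanner, sev) in EXCLUSIONS:
            continue  # discarded before storage; cannot be recovered later
        generic = SEVERITY_MAPPINGS.get(scanner, {}).get(sev)
        if generic is None:
            raise ValueError(f"no mapping for {scanner!r} severity {sev!r}")
        stored.append(Finding(scanner, sev, title, generic,
                              suppressed=(scanner, sev) in SUPPRESSIONS))
    return stored


def visible_counts(stored):
    """Count stored findings per generic severity, ignoring suppressed ones."""
    counts = {level: 0 for level in GENERIC_LEVELS}
    for f in stored:
        if not f.suppressed:
            counts[f.generic_severity] += 1
    return counts


# Constructed sample import: (scanner, scanner severity, title).
SAMPLE_IMPORT = [
    ("Fortify SCA", "High", "SQL injection in login handler"),
    ("Fortify SCA", "Code Quality", "Unused local variable"),
    ("Fortify SCA", "Low", "Weak hashing algorithm"),
    ("Contrast", "Medium", "Reflected XSS in search"),
    ("Contrast", "Low", "Verbose error page"),
    ("Contrast", "Note", "Missing security header"),
]


def demo():
    """Run the sample import; returns (stored count, suppressed count, counts)."""
    stored = ingest(SAMPLE_IMPORT)
    suppressed = sum(1 for f in stored if f.suppressed)
    return len(stored), suppressed, visible_counts(stored)


if __name__ == "__main__":
    total, hidden, counts = demo()
    print(f"stored={total} suppressed={hidden} visible={counts}")
```

Running the sample stores four of the six findings (the two Contrast exclusions are never written), marks the Code Quality finding as suppressed because it matches a suppression rule, and reports one High, one Medium and one Low as visible. The point to check in a real deployment is the same: an exclusion reduces what is stored, a suppression only reduces what is displayed, and a remap changes which bucket a stored finding lands in.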
www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.
This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.