Analytics & Reports 3.X

You will learn

About the various available reports and statistics provided by ThreadFix.

Prerequisites

Audience: IT Professional or End User
Difficulty: Basic
Time needed: Approximately 5 minutes
Tools required: N/A

Introduction

Reporting in ThreadFix provides the ability to view application vulnerability data from many different angles. There are several report types, each with its own filter set. These filters include limiting the view of data by date range, merged vulnerabilities, and various other attributes that allow users to control how application vulnerability data is visualized. Reports can be exported in various formats, such as PDF, CSV and SSVL, which allows for easy sharing of vulnerability data among teams and stakeholders. The following is a breakdown of each report and the data it displays.

Trending

The Trending Report gives a visual representation of how the number and composition of vulnerabilities for an application change over time. Filters can be used to narrow the focus to a specific application, or left at their defaults for a general overview of how teams are progressing.

Users can filter this report by Teams, Applications, Application Tags, Severity, Analysis Type, Aging, and Date Range. ThreadFix can export this report as a PDF.

Snapshot

The Snapshot tab provides several useful tools for viewing specific aspects of applications and their vulnerability statuses. The drop-down menu displays a list of selectable report types.

The following provides a summary of each report type.

Point in Time Report


The Point in Time Report provides an intuitive display of a project's current state. Compare the ratio and severity of existing vulnerabilities using the top chart, and explore more in-depth information on each vulnerability with the expanding vulnerability tree below.

Users can filter this report by Teams, Applications, Application Tags, Severity, and Analysis Type. ThreadFix can export this report as a PDF.

Progress by Vulnerability Report

The Progress by Vulnerability Report is a useful tool for tracking a development team's response time to specific vulnerability types. Here users can see the average age of each vulnerability type as well as the average time to close each type. Comparing these metrics to industry performance can help teams target specific areas of concern.

The Average Age field shows how many days on average all open vulnerabilities of a particular type have been open. If no vulnerabilities of that type are currently open, the Average Age field will read 0.

The Average Time to Close shows how many days on average all closed vulnerabilities of a particular type were open prior to closing.

Users can filter this report by Teams, Applications, Application Tags, Severity, and Analysis Type. ThreadFix can export this report as a CSV or PDF.
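The Trending Report and the Progress by Vulnerability Report above both derive from the same underlying facts: when each vulnerability was opened and, if it has been closed, when. The following is an added example (not ThreadFix code) that recomputes both from a CSV export, so a team can check the numbers independently or feed them into its own dashboards. The column names `vulnerability_type`, `severity`, `open_date` and `close_date` and the sample rows are assumptions; map the names to whatever your export actually contains. Note the edge case the report documents: Average Age is 0 for a type with nothing currently open.

```python
"""Recompute the Trending and Progress by Vulnerability figures from a
ThreadFix-style CSV export.

Added example, not ThreadFix's own code. The column names
(vulnerability_type, severity, open_date, close_date) and the sample rows are
assumptions; map the names to whatever your export actually contains.
"""
import csv
import io
from collections import defaultdict
from datetime import date

# Constructed sample export (not real scan data): three open and three closed
# vulnerabilities across three vulnerability types.
SAMPLE_CSV = """vulnerability_type,severity,open_date,close_date
Cross-Site Scripting,Medium,2024-01-01,2024-01-11
Cross-Site Scripting,Medium,2024-01-05,
Cross-Site Scripting,Medium,2024-02-01,
SQL Injection,Critical,2024-01-10,2024-01-20
SQL Injection,Critical,2024-01-12,2024-01-17
Path Traversal,High,2024-01-20,
"""


def parse_export(text):
    """Return a list of (type, severity, opened, closed) tuples.

    close_date is empty for vulnerabilities that are still open.
    """
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        opened = date.fromisoformat(row["open_date"])
        closed = date.fromisoformat(row["close_date"]) if row["close_date"] else None
        rows.append((row["vulnerability_type"], row["severity"], opened, closed))
    return rows


def progress_by_vulnerability(rows, as_of):
    """Average Age and Average Time to Close per vulnerability type, in days.

    Average Age covers vulnerabilities still open on `as_of`; it is 0 when
    none of that type are open, matching the report's behaviour. Average Time
    to Close covers closed ones, measured from open date to close date.
    """
    open_ages = defaultdict(list)
    close_times = defaultdict(list)
    for vtype, _severity, opened, closed in rows:
        if closed is None:
            open_ages[vtype].append((as_of - opened).days)
        else:
            close_times[vtype].append((closed - opened).days)

    metrics = {}
    for vtype in set(open_ages) | set(close_times):
        ages = open_ages.get(vtype, [])
        closes = close_times.get(vtype, [])
        metrics[vtype] = {
            "open_count": len(ages),
            "average_age": sum(ages) / len(ages) if ages else 0.0,
            "closed_count": len(closes),
            "average_time_to_close": sum(closes) / len(closes) if closes else 0.0,
        }
    return metrics


def trend(rows, snapshot_dates):
    """Open vulnerability count by severity at each snapshot date.

    A vulnerability counts as open on day d if it was opened on or before d
    and either has no close date or was closed after d.
    """
    series = []
    for d in snapshot_dates:
        counts = defaultdict(int)
        for _vtype, severity, opened, closed in rows:
            if opened <= d and (closed is None or closed > d):
                counts[severity] += 1
        series.append((d.isoformat(), dict(counts)))
    return series


def report(csv_text, as_of_iso, snapshot_isos):
    """Convenience wrapper taking ISO date strings."""
    rows = parse_export(csv_text)
    as_of = date.fromisoformat(as_of_iso)
    snaps = [date.fromisoformat(s) for s in snapshot_isos]
    return progress_by_vulnerability(rows, as_of), trend(rows, snaps)


if __name__ == "__main__":
    metrics, series = report(SAMPLE_CSV, "2024-03-01",
                             ["2024-01-01", "2024-01-15", "2024-02-01", "2024-03-01"])
    for vtype, m in sorted(metrics.items()):
        print(f"{vtype:22} avg age {m['average_age']:5.1f}d  "
              f"avg time to close {m['average_time_to_close']:5.1f}d")
    for day, counts in series:
        print(day, counts)
```

The `as_of` date matters: Average Age is measured up to the day the report is run, so two people running it a week apart will see different values for the same open findings, while Average Time to Close is stable once a finding is closed. When comparing against a target such as an internal SLA, compare against the closed-time figure per type and treat a rising open-age figure as the leading indicator.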

Most Vulnerable Applications

The Most Vulnerable Applications Report brings the applications with the most issues to the forefront. This report provides the application's vulnerability composition to aid in the development of remediation strategies.

Users can filter this report by Teams, Applications, Application Tags, Most Vulnerable Applications Grouping, Severity, and Analysis Type. ThreadFix can export this report as a PDF.

OWASP Top 10

The OWASP Top 10 Report highlights application vulnerabilities that map to the ten most critical web application security risks as designated by the Open Web Application Security Project (OWASP). The expandable tree allows for further exploration of these vulnerabilities.

Users can filter this report by Teams, Applications, Application Tags, Severity, and Analysis Type. ThreadFix can export this report as a CSV, SSVL, or PDF.

Portfolio Report


The Portfolio Report displays how current the imported scans are for each application in the portfolio. This report can help target specific applications for follow-up scans in order to keep each project's vulnerability status up to date.

Users can filter this report by Teams, Applications, Application Tags, Severity, and Analysis Type. ThreadFix can export this report as a PDF.

DISA STIG Report

The DISA (Defense Information Systems Agency) STIG (Security Technical Implementation Guide) report displays information on an application's compliance with DISA's Application Security and Development STIG requirements. This report can help users plan and execute remediation strategies in order to maintain compliance with governmental application security standards.

Users can filter this report by Teams, Applications, Application Tags, Severity, and Analysis Type. ThreadFix can export this report as a CSV, PDF, or SSVL document.

For more information on STIG, view the Defense Information Systems Agency site.

Scan Comparison Summary

The Scan Comparison Summary report gives a side-by-side look at how each scanner is performing: the number and percentage of total vulnerabilities each scanner found, the number and percentage of those that were marked as false positives, and how many HAM (Hybrid Analysis Mapping) endpoints were found per scanner along with the percentage of the total that represents.

Users can filter this report by Teams, Applications, Application Tags, Severity, and Analysis Type. ThreadFix can export this report as a PDF.

Remediation Report

The Remediation Report provides an in-depth look at an application's vulnerability state and the progress of a team's remediation efforts. This page displays the trending report, as well as a more detailed table with starting and ending vulnerability counts to gauge progress. In addition, Open and Closed vulnerabilities can be expanded to explore individual issues and their status and criticality, including any comments on those vulnerabilities.

Users can filter this report by Team, Application, Application Tag, Severity, Aging, and/or Date Range.

Vulnerability Search Report


The Vulnerability Search allows users to filter and explore specific vulnerabilities. Details are provided on where each vulnerability was found, which scanner detected it, its criticality, and more.

Users can filter this report by Teams, Applications, Application Tags, Scanners, Number of Merged Findings, Defects, Aging, and Vulnerability Details. ThreadFix can export this report as a CSV or SSVL.

Hotspot

The Hotspot tab summarizes static analysis vulnerabilities that overlap across applications, where the overlap indicates a likelihood of shared vulnerable source code. For information on creating a Shared Vulnerability Schedule, see the System Settings guide.

The Hotspot tab displays two time stamps: the first is the time the last update began and the second is when that calculation completed. The Severity level, Confidence score, Vulnerability Count, and Vulnerability Type are displayed for every shared vulnerability that has been found.

The Shared Vulnerability Schedule feature allows a user to select a time at which to calculate the Shared Vulnerability report in the Hotspot section of the Analytics page. This patented calculation analyses data flows from static results across all applications within ThreadFix to find areas of overlap indicating a likelihood of shared vulnerable source code. Because this feature has very large memory and processing requirements, users interested in the Shared Vulnerability Schedule should contact ThreadFix Support for recommendations when their instance holds a large number of vulnerabilities.

To see further details for any of the vulnerability types, click View Details. Details are displayed for each finding, including the associated Scanner Name, Finding Name, Application, and Team.


www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.

This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.