As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.

Finding Statuses and Severity Logic

You will learn

About the operating logic for Finding statuses ad Severity settings.

Prerequisites

Audience: IT Professional or End User
Difficulty: Basic
Time needed: Approximately 10 minutes
Tools required: N/A

Finding Status and Severities Logic Flow

If the user has not altered the Status or Severity of a Vulnerability in ThreadFix, then ThreadFix will continue updating the Status and Severity to the latest value of the scans being ingested. If the Status or Severity in ThreadFix has been altered by a user, it will remain what it was changed to within ThreadFix until it is once again manually changed by a user. The exception to this are the Open and Closed statuses. For example, a manually closed vulnerability will automatically reopen when a new or updated scan is ingested.

Vulnerability Status and Severity Behavior

Vulnerability Status and Severity Behavior

Status

Automatically Reopens with a New Scan:

If Manually Set by User, Requires User to Manually Change Status:

Open Vulnerability

N/A

Yes

Close Vulnerability

Yes

Yes

Mark as False Positive

No

No

Mark as Contested

No

No

Mark as Verified

No

No

Change Severity >

N/A

Yes

Scanner Exploitable

No

N/A

 

Vulnerability Statuses

Vulnerability Statuses

Status

Status Definition

Open Vulnerability

The vulnerability is seen as currently present within the application.  This is the default state when a vulnerability is first created which occurs when it is reported after a recently imported scan.

Close Vulnerability

The vulnerability is seen as no longer present within the application. This is the default state assigned to a vulnerability when a scan is imported that no longer reports a previously reported finding.

Mark as False Positive

Indicates the vulnerability is not a legitimate security concern. If any finding is marked False Positive, the Vulnerability will be false positive by default.  If subsequent scan uploads un-mark all findings as False Positive, then the Vulnerability will be seen as a true positive once again within ThreadFix by default. 

Mark as Contested

Indicates a user not possessing the authority to mark a vulnerability as a False Positive intends to contest the validity of a finding. This can only be set within ThreadFix UI or API.

Mark as Verified

Indicates a user with proper permission has evaluated a vulnerability and determined it to be exploitable and requiring remediation.

Can only be set within ThreadFix UI or API.

Scanner Exploitable

Scanner Exploitable- A status ThreadFix can set based on attributes from a scanner. Some scanners can report human intervention/verification of an exploit or vulnerability.  For supported scanners, ThreadFix can interpret that as part of the scan ingestion and set a “Scanner Exploitable” status on the vulnerability.

Can only be set within the scanner tool.



 

www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.

This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.