As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.
Finding Statuses and Severity Logic 3.0
- Daniel Colon
Table of Contents
You will learn
About the operating logic for Finding statuses ad Severity settings.
Prerequisites
Audience: IT Professional or End User
Difficulty: Basic
Time needed: Approximately 10 minutes
Tools required: N/A
Finding Status and Severities Logic Flow
If the user has not altered the Status or Severity of a Vulnerability in ThreadFix, then ThreadFix will continue updating the Status and Severity to the latest value of the scans being ingested. If the Status or Severity in ThreadFix has been altered by a user, it will remain what it was changed to within ThreadFix until it is once again manually changed by a user. The exception to this are the Open and Closed statuses. For example, a manually closed vulnerability will automatically reopen when a new or updated scan is ingested.
Vulnerability Status and Severity Behavior | ||
|---|---|---|
Status | Automatically Reopens with a New Scan: | If Manually Set by User, Requires User to Manually Change Status: |
Open Vulnerability | N/A | Yes |
Close Vulnerability | Yes | Yes |
Mark as False Positive | No | No |
Mark as Contested | No | No |
Mark as Verified | No | No |
Change Severity > | N/A | Yes |
Scanner Exploitable | No | N/A |
Vulnerability Statuses | |
|---|---|
Status | Status Definition |
Open Vulnerability | The vulnerability is seen as currently present within the application. This is the default state when a vulnerability is first created which occurs when it is reported after a recently imported scan. |
Close Vulnerability | The vulnerability is seen as no longer present within the application. This is the default state assigned to a vulnerability when a scan is imported that no longer reports a previously reported finding. |
Mark as False Positive | Indicates the vulnerability is not a legitimate security concern. If any finding is marked False Positive, the Vulnerability will be false positive by default. If subsequent scan uploads un-mark all findings as False Positive, then the Vulnerability will be seen as a true positive once again within ThreadFix by default. |
Mark as Contested | Indicates a user not possessing the authority to mark a vulnerability as a False Positive intends to contest the validity of a finding. This can only be set within ThreadFix UI or API. |
Mark as Verified | Indicates a user with proper permission has evaluated a vulnerability and determined it to be exploitable and requiring remediation. Can only be set within ThreadFix UI or API. |
Scanner Exploitable | Scanner Exploitable- A status ThreadFix can set based on attributes from a scanner. Some scanners can report human intervention/verification of an exploit or vulnerability. For supported scanners, ThreadFix can interpret that as part of the scan ingestion and set a “Scanner Exploitable” status on the vulnerability. Can only be set within the scanner tool. |
www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.
This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.