As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.

Manually Mapping Vulnerabilities


You will learn

How to map unmapped vulnerability findings.

Prerequisites

Audience: IT Professional or End User
Difficulty: Basic
Time needed: Approximately 5 minutes
Tools required: N/A

Introduction

Occasionally, a user will upload a scan file that contains vulnerabilities and find that no Findings appear in ThreadFix. This happens when none of the scanner's vulnerability types could be mapped to a CWE: a finding whose scanner vulnerability type has no CWE mapping is not created as a Finding.

CWE Mappings

CWE Mappings allow users with the Manage Vulnerability Types permission to map scanner vulnerability types to CWEs manually. Unmapped Findings can be addressed from the Unmapped Types tab on an application's details page and/or from the CWE Mappings tab of the Scanner Vulnerability Types page.

Unmapped Types Tab

The following example highlights a few items under the Unmapped Types tab on an application's details page.

CWE Mappings Tab

To access CWE Mappings, expand the Application menu, then the Customize sub-menu, and select the Scanner Vulnerability Types page. The CWE Mappings tab on this page contains the mapping options.

Select the CWE Mappings tab to display Unmapped Scanner Vulnerability Types. The following example shows the unmapped vulnerability types listed after a scan upload to an application.


Create Mappings

The following functionality requires the user to have the 'Manage Vulnerability Types' permission in a global role, because a CWE mapping is global: it applies to every finding with the same scanner vulnerability type across your entire portfolio of teams and applications.

  1. To manage unmapped vulnerabilities, first select the scanner vulnerability type to map and click the Create Mapping link; a Create Mapping modal appears. The scanner row can also be expanded to view its details; clicking the View Finding link opens the Finding Details page, which has an Edit CWE Mapping button that performs the same mapping function.

  2. In the Create Mapping modal, start typing a CWE into the entry field and select the desired CWE. Click the Create Mapping button.

  3. The scanner vulnerability type is added to the list of Custom Scanner Vulnerability Type Mappings. The Edit Mapping link reopens the Create Mapping modal so the type can be remapped.

  4. Clicking the View History link displays a Mapping History modal.

From the top of the CWE Mappings tab, the mapped and unmapped type reports can be exported by email using their respective buttons.
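The procedure above is entirely UI-driven, so the effect of a mapping is easy to misjudge: findings whose scanner type has no CWE mapping are silently absent, and one mapping changes how that type is imported for every application, not just the one you were looking at. The script below is an added illustration of that behaviour and is not ThreadFix code. It parses a constructed scan export (the <scan>/<app>/<finding> XML layout is invented for this example and is not any scanner's real format), reports which scanner vulnerability types would be left unmapped and which applications they touch, then applies a global mapping and records a remap in a history list. The mapping table, the sample CWE ids and the history record are assumptions for illustration, not ThreadFix's data model.

```python
"""
Pre-upload check for a scan: which scanner vulnerability types have no CWE
mapping (so their findings would be dropped), and what one global mapping
changes across every application. Added example, not ThreadFix code; the
XML layout, mapping table and history records are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional
import xml.etree.ElementTree as ET

# Constructed sample: one export covering two applications from the same
# (fictional) scanner. The element layout is invented for this example.
SAMPLE_SCAN = """<scan scanner="ExampleScanner">
  <app name="Portal">
    <finding type="SQL Injection" path="/login"/>
    <finding type="Reflected XSS" path="/search"/>
    <finding type="Weird Custom Check" path="/admin"/>
  </app>
  <app name="API">
    <finding type="SQL Injection" path="/v1/users"/>
    <finding type="Weird Custom Check" path="/v1/export"/>
  </app>
</scan>
"""

# Assumed built-in mappings for the fictional scanner (CWE-89, CWE-79).
BUILTIN = {
    ("ExampleScanner", "SQL Injection"): 89,
    ("ExampleScanner", "Reflected XSS"): 79,
}


@dataclass(frozen=True)
class Finding:
    app: str
    scanner: str
    vuln_type: str   # the scanner's own name for the issue
    path: str


def parse_scan(xml_text: str) -> list:
    """Flatten the sample XML into Finding records tagged with their app."""
    root = ET.fromstring(xml_text)
    scanner = root.get("scanner")
    return [Finding(app.get("name"), scanner, f.get("type"), f.get("path"))
            for app in root.findall("app")
            for f in app.findall("finding")]


class CweMappingTable:
    """(scanner, scanner vulnerability type) -> CWE id.

    A mapping is global: it is not tied to a team or application, so
    creating one changes how every finding of that type is imported.
    """

    def __init__(self, builtin: dict):
        self._map = dict(builtin)
        # (scanner, type) -> [(previous CWE or None, new CWE), ...]
        self.history = defaultdict(list)

    def lookup(self, scanner: str, vuln_type: str) -> Optional[int]:
        return self._map.get((scanner, vuln_type))

    def create_mapping(self, scanner: str, vuln_type: str, cwe: int) -> None:
        # Also used to remap: the (previous, new) pair is kept for audit.
        key = (scanner, vuln_type)
        self.history[key].append((self._map.get(key), cwe))
        self._map[key] = cwe


def split_findings(findings: list, table: CweMappingTable):
    """Return (mapped, unmapped). mapped pairs each finding with its CWE;
    unmapped groups the rest by (scanner, type) so each type is mapped once."""
    mapped, unmapped = [], defaultdict(list)
    for f in findings:
        cwe = table.lookup(f.scanner, f.vuln_type)
        if cwe is None:
            unmapped[(f.scanner, f.vuln_type)].append(f)
        else:
            mapped.append((f, cwe))
    return mapped, dict(unmapped)


def unmapped_report(findings: list, table: CweMappingTable) -> dict:
    """Per unmapped type: how many findings would be dropped and which
    applications are affected (the information an Unmapped Types view needs)."""
    _, unmapped = split_findings(findings, table)
    return {key: {"findings": len(fs), "apps": sorted({f.app for f in fs})}
            for key, fs in unmapped.items()}


if __name__ == "__main__":
    findings = parse_scan(SAMPLE_SCAN)
    table = CweMappingTable(BUILTIN)
    print("before:", unmapped_report(findings, table))
    # One mapping fixes the type for both Portal and API at once.
    table.create_mapping("ExampleScanner", "Weird Custom Check", 200)
    print("after: ", unmapped_report(findings, table))
    # Remap to a different CWE; the history keeps the previous value.
    table.create_mapping("ExampleScanner", "Weird Custom Check", 209)
    print("history:", table.history[("ExampleScanner", "Weird Custom Check")])
```

Running the script prints one unmapped type affecting both applications before the mapping, an empty report after it, and a two-entry history once the type has been remapped. The same pre-check, pointed at a real export, tells you before upload which types need a mapping created under the CWE Mappings tab rather than discovering it from a scan that appears to import nothing.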

Users can also map findings from within an application or team by selecting the Customize ThreadFix Vulnerability Types and Severities option from the Action drop-down menu. For more information, see the Customizing ThreadFix Vulnerability Types guide.


Remapping a Vulnerability is deprecated as of version 2.8.4.



www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.

This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.