As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.

Per-Application Customization

 

You will learn

How to customize which vulnerability types and severities are displayed per application.

Prerequisites

Audience: IT Professional or End User
Difficulty: Basic
Time needed: Approximately 5 minutes
Tools required: N/A

 

ThreadFix can customize vulnerability types and severities, but those controls are global. ThreadFix also offers another entry point to the customization process, giving administrators fine-grained control over the display of vulnerabilities and severities at the team and application level. This guide covers the application level.

To begin vulnerability and severity customization at the application level:

  1. Navigate to the Portfolio page and select Application from the drop-down menu. This displays an index of applications. Click the desired application.

    Alternatively, without selecting Application from the drop-down menu, select a team and click the desired application.

  2. From the application's details page, click the upper Action drop-down button and select Customize ThreadFix Vulnerability Types.

  3. This will display the customization page for the application. It works in the same fashion as previously seen in Customizing ThreadFix Vulnerability Types and Customizing ThreadFix Severities. On this page, there are three tabs: Application, Team, and Global. The page defaults to the Application tab.

  4. There are no application-level mappings yet; to create a new mapping, click the Create New Mapping button. This will display a modal dialog.

  5. Begin typing the CWE number or description. A drop-down will populate with entries that contain a CWE number or text. Select the vulnerability to remap.

     

  6. Next, select the Target Severity Type for the mapping. In this example the vulnerability is being mapped to Critical.

     

  7. Click the Save Mapping button. ThreadFix adds the new application-level mapping to the display list.

Setting the severity to Ignore will cause all vulnerabilities with the selected CWE to have a status of Hidden, so they will not be included in a vulnerability count.

To view these in a vulnerability tree, expand the Field Controls filter and check the Hidden box within the Status section. To undo this change, simply delete the mapping created above (click Edit/Delete and then Delete).

Per-Application Severity Display

At the bottom of the page is an area allowing users to either show or hide vulnerabilities of a given severity.

  1. Click the Enable checkbox to turn toggling on for the application. Toggle the Show | Hide state to choose the severity types to display or not display to anyone working with this application.

     

  2. Now click the Save Changes button.

     

  3. ThreadFix will display a success message and the toggled vulnerability. In this case, Information-level vulnerabilities have been toggled to Hidden in the scope of this application. Returning to the details page, the vulnerability tree no longer contains Info-level vulnerabilities.

 
