As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.
Per-Team Customization
To begin vulnerability and severity customization at the application level, click the Team tab. The same controls appear here as on the Application tab. Click the Create New Mapping button. This will display a modal dialog. Fill in the vulnerability you wish to remap by typing in the CWE number or part of its description. Select the new severity type, and click the Save Mapping button.
Setting the severity to Ignore will cause all vulns with the selected CWE to have a status of Hidden; they will thus not be included in your vulnerability count.
You can view these in a vuln tree by expanding the Field Controls filter and checking the Hidden box within the Status section.
To undo this change, simply delete the mapping created above (click Edit/Delete and then Delete).
You will see a success message, and your new Team-specific mapping in place.
Per-Team Severity Display
The process for customizing the display of severities for teams is the same as that for applications: Enable the severity toggle by clicking the Enable checkbox, then select the severity or severities that you do not want displayed to this team. Click the Save Changes button, and you will see a success message, and your toggled severity.
If you return to the detail page of one of this team’s applications, you will see that no Info- or Low-level vulnerabilities are visible. This applies to all applications assigned to this team.
www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.
This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.