As of December 31st, 2023, ThreadFix 2.X has reached End of Life and is no longer supported. For any further information, please contact the Success and Implementation team.

Global Vulnerability Mapping and Severity Display

You can also remap vulnerability types and toggle the display of severities from the application details page, from the Global tab. This is an alternate workflow for the same functionality that exists in Customize->ThreadFix Vulnerability Types and Customize->ThreadFix Severities. The ability to control global vulnerability remapping and severity display from this page is for convenience. Changes made in either location will appear in both.

These are the same controls as under the Application and Team tabs, and their functions are the same. The only difference is that the scope of the changes is now global.

Click the Global tab, and then click Create New Mapping. Fill in the Source Vulnerability Type field by typing either the CWE number or part of its description. Then choose the Target Severity Type. Click the Save Mapping button, and the remapping appears in the display list.

Setting the severity to Ignore causes all vulnerabilities with the selected CWE to have a status of Hidden, so they are not included in your vulnerability count.

You can view these in a vuln tree by expanding the Field Controls filter and checking the Hidden box within the Status section.

To undo this change, simply delete the mapping created above (click Edit/Delete and then Delete).


Now, navigate to Configuration (cog)->Customize->ThreadFix Vulnerability Types. You can see that the remapping is in the global scope of ThreadFix:


The same thing applies to severity display. Click the Global tab, and then click the checkbox to enable toggling of severity display. For demonstration purposes, we will only allow severities of Critical and High to display.


If you return to the application’s details page, you can see that only High and Critical level vulnerabilities are displayed:


Now, navigate to Configuration->Customize->ThreadFix Severities. You can see that the global changes you made to severity display from the application details page are mirrored here:





www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.

This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.