Findings overview

Created: July 26, 2023
Updated: September 18, 2023

The Findings feature enables the detection of OWASP's 2019 top 10 API security issues within any of the discovered APIs on the platform. Being aware of and identifying these vulnerabilities enables you to apply remediation techniques, addressing issues such as broken authentication, mass assignment and security misconfiguration. Read more about the OWASP top ten API security risks here.

How a finding is triggered 

Findings can be detected when an event occurs, for example, when a collection is uploaded to the platform or when a GitHub repository is scanned. In the backend, an events processor checks whether the criteria are met to create a finding. A single event can result in the discovery of multiple findings.

Navigate to Posture management in the FireTail platform and select the Findings tab to view the findings.

Overview

The top of the findings page displays the number of findings within each severity category. These categories are:

  • Information
  • Low
  • Medium
  • High
  • Critical 

When viewing the findings you can choose grid view or list view. Toggle between grid and list to change the view.

Grid view

Each finding is displayed in a card that gives you an overview of the finding. Each card displays:

  • Title  
  • Description
  • API
  • Severity
  • Status
  • Time created

Click the card to view further information about the finding.

List view

The list view displays the findings in a table format. The table displays:

  • Title
  • Description
  • API
  • Severity
  • Status
  • Created

Click the title to view further information about the finding.

Filters 

You can apply various filters to the findings on the platform. The filter enables you to filter by:

  • Date/time - the date or time the finding was created.
  • Code - the code indicating which of the OWASP 2019 top 10 API security issues the finding belongs to.
  • Severity - the severity of the finding. 
  • Status - the status of the finding.

Filter by date range or time

Findings can be filtered by time. Select from:

  • Last hour
  • Last day
  • Last month
  • Last 3 months

Select Custom and enter a Start date and an End date to filter by a specific timeframe. Click confirm. The findings displayed reflect the selected time frame.

Severity

Each finding is tagged with a severity. You can redefine the preselected severity. The severities to choose from are:

  • Information
  • Low
  • Medium
  • High
  • Critical 

Change severity

  1. Click the appropriate finding.
  2. Click the severity dropdown menu.
  3. Select the new severity.
  4. Click Update on the confirmation screen to confirm the new severity.

Status 

The default status of a finding is Open. You can change the status of the finding. The statuses are:

  • Open - the finding is open.
  • Remediated - you have taken action to fix the cause of the finding.
  • Risk accepted - you have not taken action but are aware of the finding and any associated security risk.
  • False positive - a finding has been discovered but there is nothing to fix.

Change status 

  1. Click the finding.
  2. Click the status dropdown menu.
  3. Select the new status.
  4. Click Update on the confirmation screen to confirm the new status.

Findings information

Click the finding to view further information. Select the Report or Remediation tab to view it.

Report

The report gives you additional information about the finding and details where the issue has occurred within the file.

Compliance

Compliance shows which of the OWASP API security top 10 issues the finding corresponds to.

Remediation

Assess your business needs before applying any remediation suggestions.

Fix the security issues described in the finding by following the remediation steps, if required.
