Findings overview

Created: July 26, 2023
Updated: July 10, 2024

The Findings feature in the FireTail platform checks discovered APIs for OWASP's top 10 API security issues and against general API security best practices. Being aware of these vulnerabilities enables you to apply remediation techniques to address issues such as broken authentication, mass assignment, and security misconfiguration.

Read more about the OWASP top ten API security risks here.

How a finding is triggered 

Findings can be generated in the following ways:

  1. When a specification is uploaded to the FireTail platform.
  2. When a GitHub repository is scanned.
  3. Through detections from logs.
  4. Through observations from active scanning.

In the backend, an events processor checks whether the criteria are met to create a finding. A single event can result in multiple findings.

Go to Posture Management in the FireTail platform and select the Findings tab to view the findings.

Overview

The top of the findings page displays the total number of findings within each severity category. These categories are:

  • Information
  • Low
  • Medium
  • High
  • Critical 

Select one or more severities to view only the findings with those severities.

Click Download to download a CSV file of the findings data. Learn more about how to download.

For each finding, the following details are displayed:

  • Title  
  • Description
  • API
  • Severity
  • Status
  • Created on

Click individual findings to view further information.

Filters 

Use the Filter function to view findings on the platform that match the criteria of your filter. Click Filters and apply one or more of the following filters:

Duration - this is the time from when the finding was created. You can filter to view findings created in the:

  • Last hour
  • Last day
  • Last month
  • Last 3 months
  • Or select Custom and enter a Start date and an End date to filter by a specific timeframe.

Select field - In the select field dropdown you can choose to filter by:

  • API
  • Application
  • Severity
  • Status
  • Name
  • Event

Click confirm to apply the filter parameters. The findings displayed reflect the parameters you have applied.

Finding severity

Each finding is tagged with a severity. You can redefine the default severity of the finding. The severities to choose from are:

  • Information
  • Low
  • Medium
  • High
  • Critical 

Change severity

  1. Click the appropriate finding.
  2. Click the severity dropdown menu.
  3. Select the new severity.
  4. Click Update on the confirmation screen to confirm the new severity.

Status 

The default status of a finding is Open. You can change the status of the finding to one of the following:

  • Open - the finding is open.
  • Remediated - you have taken action to fix the cause of the finding.
  • Ignored - the finding can be ignored.
  • Risk accepted - you have not taken action but are aware of the finding and any associated security risk.
  • False positive - a finding has been discovered but there is nothing to fix.

Change status 

  1. Click the status dropdown menu.
  2. Select the new status.
  3. Click Update on the confirmation screen to confirm the new status.

Findings information

Click on a specific finding to view further information.

You can view additional information about why this finding has been discovered. Where relevant, the details page also displays where the issue has occurred within the file.

Remediation

Assess your business needs before applying any remediation suggestions.

Fix the security issues described in the finding by following the remediation steps, if required.

Compliance

View which of the OWASP API security top 10 issues the finding corresponds to.
