Findings overview

Created: July 26, 2023
Updated: January 3, 2024

The Findings feature enables the detection of OWASP's 2019 top 10 API security issues within any of the discovered APIs on the platform. Being aware of and identifying these vulnerabilities enables you to apply remediation techniques, addressing issues such as broken authentication, mass assignment and security misconfiguration. Read more about the OWASP top ten API security risks here.

How a finding is triggered 

Findings can be detected when an event occurs, for example, when a specification is uploaded to the platform or when a GitHub repository is scanned. In the backend, an events processor checks whether the criteria are met to create a finding. A single event can result in the discovery of multiple findings.

Navigate to Posture Management in the FireTail platform and select the Findings tab to view the findings.

Overview

The top of the findings page displays the total number of findings within each severity category. These categories are:

  • Information
  • Low
  • Medium
  • High
  • Critical 

Click one or more severities to view only the findings with the selected severities.

Click Download to download a CSV file of the findings data. Learn more about how to download.

When viewing the findings you can choose grid view or list view. Toggle between grid and list to change the view.

For each finding, the findings overview displays the:

  • Title  
  • Description
  • API
  • Severity
  • Status
  • Time created

Click individual findings to view further information.

Filters 

Use the Filter function to view findings on the platform that match the criteria of your filter. Click Filters and apply one or more of the following filters:

Duration - this is the time from when the finding was created. You can filter to view findings created in the:

  • Last hour
  • Last day
  • Last month
  • Last 3 months
  • Or select Custom and enter a Start date and an End date to filter by a specific timeframe.

Select field - In the select field dropdown you can choose to filter by:

  • API
  • Application
  • Severity
  • Status
  • Name
  • Event

Click Confirm to apply the filter parameters. The findings displayed reflect the parameters you have applied.

Finding severity

Each finding is tagged with a severity. You can redefine the default severity of the finding. The severities to choose from are:

  • Information
  • Low
  • Medium
  • High
  • Critical 

Change severity

  1. Click the appropriate finding.
  2. Click the severity dropdown menu.
  3. Select the new severity.
  4. Click Update on the confirmation screen to confirm the new severity.

Status 

The default status of a finding is Open. You can change the status of the finding. The statuses are:

  • Open - the finding is open.
  • Remediated - you have taken action to fix the cause of the finding.
  • Risk accepted - you have not taken action but are aware of the finding and any associated security risk.
  • False positive - a finding has been discovered but there is nothing to fix.

Change status 

  1. Click the finding.
  2. Click the status dropdown menu.
  3. Select the new status.
  4. Click Update on the confirmation screen to confirm the new status.

Findings information

Click on a specific finding to view further information.

In the finding details, read additional information about why the finding was discovered. The details page also displays where the issue has occurred within the file.

Remediation

Assess your business needs before applying any remediation suggestions.

Fix the security issues described in the finding by following the remediation steps, if required.

Compliance

The details page indicates which of the OWASP API security top 10 issues the finding corresponds to.
