Security Event Management

Security Event List

Each detected vulnerability in the system is presented as a record in the Vulnerability List Table with details such as:

• Severity
• Action
• Endpoint
• Timestamp
• Event ID
• HTTP Response
• Detection Category and Sub-category
• Event Summary
• Event Summary
• User
• Ticket ID (if linked)
• Analyst Notes

Event Actions

• Status Update: Update events individually or in bulk. Statuses include:
  • Open – Not yet reviewed
  • Analyzed – Under validation
  • False Positive – Not a valid issue
  • Resolved – Mitigated
  • Risk Accepted – Accepted due to business context or compensating control
• Create Ticket: Initiate tickets in tools like JIRA for development and Secuirty Analyst collaboration.
• Show Successful Events Only: When enabled, this filter displays only those vulnerability events where the underlying API request was successfully executed. It excludes failed or incomplete test attempts, ensuring focus on valid, reproducible findings.

Event Flypanel View

Clicking a list entry opens the Event Flypanel with full contextual details:

• Event Details: Includes category, rule ID, endpoint, timestamp, response code, CWE reference
• Evidence and Payload: Raw API request and response details
• Status Update: Modify the vulnerability status directly