Vulnerability Event Management

Vulnerability Event List

Each detected vulnerability in the system is presented as a record in the Vulnerability List Table with details such as:

• Severity
• Affected Endpoint
• Timestamp
• Event ID
• Detection Category and Sub-category
• Vulnerability Summary
• Current Status
• Ticket ID (if linked)
• Analyst Notes

Event Actions

• Status Update: Update events individually or in bulk. Statuses include:
  • Open – Not yet reviewed
  • Analyzed – Under validation
  • False Positive – Not a valid issue
  • Resolved – Mitigated
  • Risk Accepted – Accepted due to business context or compensating control
• Create Ticket: Initiate tickets in tools like JIRA for development collaboration.
• Revalidate: Trigger a re-scan using current context and original payloads.
  • PassiveScan – Re-check latest traffic
  • ActiveScan – Retest vulnerabilities

Event Flypanel View

Clicking a list entry opens the Event Flypanel with full contextual details:

• Event Details: Includes category, rule ID, endpoint, timestamp, response code, CWE reference
• Evidence and Payload: Raw API request and response details
• Remediation Guidance: Suggested fixes, e.g., prevent stack traces in 5xx errors
• Status Update: Modify the vulnerability status directly
• Reproducibility Tools:
  • Export as curl commands
  • Export as Postman collection