During a target scan, the scanner looks for vulnerabilities in the target’s URLs. Each vulnerability the scanner detects is recorded in Probely as a finding, and there are several actions you can perform on a finding, namely:
Change a finding’s state
Change a finding’s risk
Change a finding’s assignee
Change a finding’s label
Re-test a finding
Add a note to a finding
Change State
A finding’s state can change either automatically (set by the scanner as the result of a target scan or re-test) or manually (set by a user).
Using Probely’s interface, you can mark a finding as “Accepted”, if you acknowledge and accept its risk, or as “Invalid”, if you consider it a false positive. These actions are reflected in the finding’s STATE field.
To learn more about findings’ states and how they can change, make sure to read this article.
Change Risk
Depending on the type of vulnerability found, its exploitability, impact, and scope, a CVSS score and a risk/severity classification are assigned to the finding, helping you prioritize which vulnerabilities to fix first.
While the CVSS score cannot be changed manually, you can still change the finding’s risk. This is done directly from the finding’s details page, by clicking the risk dropdown and choosing the intended risk.
Once you change a finding’s risk, Probely will not change it back (not even after a later scan or re-test), so make sure you really intend to make the change. You can read more about the risk levels in the article on severity levels in findings.
Change Assignee
After a target scan or a re-test, you may want to assign a vulnerability to a specific team member to take care of. This can be done either from the finding’s details page, by clicking the assignee dropdown, or from any list in which the finding is visible (the target’s page, the scan results page, or the findings list).
To learn more about how to change a finding’s assignee, make sure to read this article.
Change Labels
To help you filter your target scan results, you may want to use labels. Once labels have been added to a finding, you can change them from the finding’s details page or from the findings list.
Re-test
After fixing vulnerabilities previously reported by Probely, you can re-test them to confirm that they can no longer be exploited and are indeed resolved.
To start a re-test, open the finding’s details and click the Re-test button, or go to any list in which the finding is displayed (the target’s page, the scan results page, or the findings list), select it, and click the Re-test button. If the scanner is unable to replicate the vulnerability during the re-test, the finding is marked as Fixed; otherwise, it remains listed as Not Fixed until the scanner can no longer replicate it.
Add a note
When viewing a vulnerability’s details, you can add comments or notes for your teammates: scroll down to the bottom of the page, write the intended note, and press the Add Note button. Bear in mind that these notes are not a way of getting in touch with Probely; they should only be used to leave contextual information for your teammates.