Actions on Vulnerabilities

Everything you need to know about vulnerabilities

Written by Ana Pascoal
Updated over a week ago

During a scan, the scanner finds vulnerabilities within the target’s URLs. When the scanner finds a vulnerability, a finding is created. These findings are registered in Probely, and you can take the following actions on them:

  • Change a finding’s state

  • Change a finding’s risk

  • Change a finding’s assignee

  • Change a finding’s label

  • Re-test a finding

  • Add a note to a finding

Change State

A finding’s state can change either automatically (by the scanner, as a result of a scan or re-test) or manually (by means of the user’s actions).

Using Probely’s interface, you can define a finding as “Accepted”, if you acknowledge and accept its risk, or as “Invalid”, if you consider it to be a false positive. These actions will be reflected in the STATE field shown below:

To learn more about findings’ states and how they can change, make sure to read this article.

Change Risk

Depending on the type of vulnerability found, its exploitability, impact, and scope, a CVSS score and risk/severity classification are assigned to the finding, helping you prioritize vulnerability fixes:

While the CVSS score cannot be manually changed, you can still change the finding’s risk. This can be done directly from the finding’s details page, by clicking on the respective risk dropdown and choosing the intended risk:

Once you change a finding’s risk, Probely will not change it back, so please make sure you really intend to make the change. You can read more about the types of risks in Severity levels in scan Findings.

Change Assignee

After a scan or a re-test, you may want to assign a vulnerability to be taken care of by a certain team member. This can be done either through the finding’s details page, by clicking on the respective dropdown, or through any list in which the finding is visible (target's page, scan results page, or findings list).

To learn more about how to change a finding’s assignee, make sure to read this article.

Change Labels

To help you filter your scan results, you may want to use labels. Once you add finding labels, you can change your finding’s labels through the finding’s details page, or through the findings list.

Re-test

After fixing vulnerabilities previously reported by Probely, you can re-test them to make sure they can no longer be exploited and are indeed resolved.

In order to start a re-test, just visit the finding’s details and click on the Re-test button, or access any list in which it is displayed (target's page, scan results page, or findings list), select it, and click on the Re-test button. If, during a re-test, the scanner isn’t able to replicate the vulnerability, the finding is marked as Fixed; otherwise, it remains listed as Not Fixed until it can no longer be replicated by the scanner.

Add a note

When viewing a vulnerability’s details, you can add comments or notes for your teammates: just scroll down to the bottom of the page, write the intended note and press the Add Note button. Please bear in mind that these notes are not a way of getting in touch with Probely, and should only be used as a means of leaving contextualized information available for your teammates.
