Grouped findings as a result of


Last updated 1 year ago


If one of the criteria (Vulnerable URL, Dependency, File Path) is selected in the "Group findings by" field within the scanner settings, the system checks this field's value during the import of results from the scanner. It then groups all findings that share the same value of the chosen criterion into a single group.

Grouping operates as follows:

  • If a finding lacks a value for the grouping element (path, URL, or dependency), it remains individual.

  • If there's only one finding with a specific grouping element value, a new separate finding is created.

  • If multiple findings share the same grouping element value, they are grouped into a new grouped finding. Its name follows the format: "Many vulnerabilities found in {grouping_element_name}: {grouping_element_value}".

  • The Description of the grouped finding includes information about each grouped finding in the format: "[severity] title: line". The description of a grouped finding is limited to 3000 characters. If the description exceeds this limit, it will be truncated.

In the grouped finding display, a new field appears (above the Description field), reflecting the grouping element's name (URL or dependency). This field holds the corresponding element's value. If the grouping element is the path, its value is shown in the "File Path" field.

Setting Severity: For a grouped finding, the severity is set as the highest severity among the individual findings within it. If a severity value cannot be extracted from a finding, the default scanner severity value is assigned.

If a previously processed file reappears during a reimport but lacks one of the findings found earlier, the grouped finding will not be reopened. This is because Auto Closer does not function within grouped findings.

If a file contains new findings during a reimport, they can be added as individual findings or, if there are two or more findings, a new grouped finding can be created.

Deduplication in the description field: During vulnerability grouping, the system compiles vulnerabilities that match the selected criterion (Vulnerable URL, Dependency, File Path) into a list. When the description for a grouped vulnerability is created, its lines are deduplicated: the system puts all descriptions within the group into a set, which removes duplicate lines.

Therefore, if you see grouped vulnerabilities where only one vulnerability is visible inside, it means that the descriptions for those vulnerabilities were similar, and deduplication of lines occurred when creating the grouped vulnerability.

This mechanism provides a clearer and more compact representation of vulnerability groups, simplifying analysis and enhancing the readability of reports.
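The grouping rules described above, sketched as an added example (not AppSec Portal code): the finding dictionary keys, the severity scale, the sorted line order and the `members` counter are assumptions made for illustration.

```python
from collections import defaultdict

SEVERITY_ORDER = ["Info", "Low", "Medium", "High", "Critical"]  # assumed scale
MAX_DESCRIPTION = 3000  # description limit stated on the page

def severity_of(finding, default):
    # Fall back to the scanner default when no usable severity is present.
    sev = finding.get("severity")
    return sev if sev in SEVERITY_ORDER else default

def group_findings(findings, key, label, default_severity="Medium"):
    buckets, result = defaultdict(list), []
    for f in findings:
        if f.get(key):
            buckets[f[key]].append(f)
        else:
            result.append(f)  # no grouping value: stays individual
    for value, members in buckets.items():
        if len(members) == 1:
            result.append(members[0])  # only one finding: stays separate
            continue
        # A set drops identical "[severity] title: line" lines.
        lines = {f"[{severity_of(f, default_severity)}] {f['title']}: {f.get('line')}"
                 for f in members}
        result.append({
            "name": f"Many vulnerabilities found in {label}: {value}",
            "severity": max((severity_of(f, default_severity) for f in members),
                            key=SEVERITY_ORDER.index),
            # Sorting is an assumption, used to make the output deterministic.
            "description": "\n".join(sorted(lines))[:MAX_DESCRIPTION],
            key: value,
            "members": len(members),
        })
    return result

# Constructed sample import, grouped by File Path.
SAMPLE = [
    {"title": "High Entropy", "severity": "Medium", "line": 69, "file_path": "settings.py"},
    {"title": "High Entropy", "severity": "Medium", "line": 69, "file_path": "settings.py"},
    {"title": "SQL Injection", "severity": "High", "line": 12, "file_path": "views.py"},
    {"title": "Weak Hash", "severity": None, "line": 40, "file_path": "views.py"},
    {"title": "Debug enabled", "severity": "Low", "line": 3, "file_path": "app.py"},
    {"title": "Missing header", "severity": "Low", "line": None, "file_path": None},
]

if __name__ == "__main__":
    for item in group_findings(SAMPLE, "file_path", "File Path"):
        print(item.get("name") or item["title"], "|", item["severity"])
```

In the sample, the `settings.py` group holds two findings but its description has a single line, which is the deduplication effect described above.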

[Figure: Grouped finding name example]

[Figure: Grouped finding description example]

[Figure: Example of a finding with a grouping element Path]

[Figure: Example of a finding with a grouping element URL]

[Figure: Example of a finding with a grouping element Dependency]

[Figure: This signifies the existence of multiple vulnerabilities with "Medium" severity and the description "High Entropy" at line 69]