Findings overview

Created:
July 26, 2023
Updated:
September 6, 2024

The Findings feature in the FireTail platform helps detect known API security issues and align with best practices from various API security frameworks, including:

  • OWASP API Security Top 10
  • CIS API Security Guide
  • CWE Top 25
  • MITRE Tactics
  • MITRE Techniques

Findings surface issues such as broken authentication, mass assignment, and security misconfiguration so that you can address them before they are exploited.

How Findings are triggered

Findings can be generated through several methods, known as Events:

  • Specification Upload: When an API specification is uploaded to the FireTail platform.
  • GitHub Repository Scans: When a repository is scanned for vulnerabilities.
  • Log Detections: When anomalies or issues are detected in logs.
  • Active Scanning Observations: When active scans identify potential issues.

The backend events processor evaluates each event against the criteria of every finding rule. A single event can therefore trigger multiple findings.

To view findings, navigate to Posture Management and select the Findings tab.

Overview

The findings page displays the total number of findings within each severity category. These categories are:

  • Information
  • Low
  • Medium
  • High
  • Critical 

Select one or more severities to show only findings with those severities.

To view findings for a specific framework, select the required framework or frameworks.

Click Download to download a CSV file of the findings data. Learn more about how to download.

Filters 

Use Filters to show only the findings that match your criteria. Click Filters and apply one or more of the following:

Duration - restricts results to findings created within the selected period, measured from when the finding was created.

Select field - In the select field dropdown you can choose to filter by:

  • API
  • Application
  • Severity
  • Status
  • Name
  • Event
  • Security Frameworks

Click Confirm to apply the filter parameters. The findings list then shows only the findings that match the parameters you applied.

Finding severity

Each finding is tagged with a default severity, which you can override. The available severities are:

  • Information
  • Low
  • Medium
  • High
  • Critical 

Change finding severity

To change a finding's severity:

  1. Click the appropriate finding.
  2. Click the severity dropdown menu.
  3. Select the new severity.
  4. Click Update on the confirmation screen to confirm the new severity.

Status 

The default status of a finding is Open; you can change the status as you triage it.

  • Open - The finding is active and requires attention.
  • Remediated - The issue has been resolved.
  • Ignored - The finding is deemed unimportant.
  • Risk accepted - The risk is acknowledged but not addressed.
  • False positive - The finding was incorrectly flagged as an issue.

If you mark a finding as Risk accepted, Ignored, or False positive, the platform will not trigger the finding again if the same issue is rediscovered in a later scan. If you mark a finding as Remediated, it is reopened if the same issue is discovered again during a subsequent scan.
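The following example is added here to make two parts of this page concrete: the events processor described under "How Findings are triggered", which evaluates one Specification Upload event against several rules and so can raise several findings from one event, and the status rules just described, which decide whether a rediscovered finding is re-triggered. It is illustrative code, not FireTail's implementation; the rule IDs, the Finding layout, the JSON Pointer locations and the sample OpenAPI document are all constructed assumptions.

```python
"""Added example (not FireTail's code): a toy events processor that evaluates one
Specification Upload event against a few spec rules, then reconciles the
rediscovered findings against their current status as the page describes.
Rule IDs, the Finding layout and SAMPLE_SPEC are assumptions."""
from dataclasses import dataclass, replace

# Constructed sample: a minimal OpenAPI 3 document uploaded as one event.
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "servers": [{"url": "http://api.example.test"}],   # plaintext transport
    "paths": {
        "/users/{id}": {
            "put": {                                    # no 'security' here or at top level
                "requestBody": {"content": {"application/json": {"schema": {
                    "type": "object",
                    "properties": {"name": {"type": "string"}},
                    # additionalProperties left unset, so any field is accepted
                }}}},
            }
        }
    },
}

SUPPRESSED = {"Risk accepted", "Ignored", "False positive"}   # never re-triggered
HTTP_METHODS = {"get", "post", "put", "patch", "delete"}


@dataclass(frozen=True)
class Finding:
    rule_id: str
    name: str
    severity: str               # Information | Low | Medium | High | Critical
    location: str               # JSON Pointer into the uploaded spec
    frameworks: tuple[str, ...]  # compliance tags shown with the finding
    status: str = "Open"        # default status of a new finding


def pointer(*parts: str) -> str:
    """Build a JSON Pointer (RFC 6901), escaping '~' and '/' inside path keys."""
    return "/" + "/".join(p.replace("~", "~0").replace("/", "~1") for p in parts)


def evaluate_spec_upload(spec: dict) -> list[Finding]:
    """Events processor for one Specification Upload event. Every rule is checked
    independently, which is why a single event can produce several findings."""
    findings: list[Finding] = []
    for i, srv in enumerate(spec.get("servers", [])):
        if srv.get("url", "").lower().startswith("http://"):
            findings.append(Finding("SPEC-TLS-001", "Server URL uses plaintext HTTP",
                                    "Medium", pointer("servers", str(i), "url"),
                                    ("OWASP API8:2023 Security Misconfiguration", "CWE-319")))
    global_security = spec.get("security")
    for path, ops in spec.get("paths", {}).items():
        for method, op in ops.items():
            if method.lower() not in HTTP_METHODS:
                continue
            if not op.get("security") and not global_security:
                findings.append(Finding("SPEC-AUTH-001", "Operation has no security requirement",
                                        "High", pointer("paths", path, method),
                                        ("OWASP API2:2023 Broken Authentication", "CWE-306")))
            for ctype, media in op.get("requestBody", {}).get("content", {}).items():
                schema = media.get("schema", {})
                # Anything other than an explicit False (unset, True, or a sub-schema)
                # lets a client submit properties the API never declared.
                if schema.get("type") == "object" and schema.get("additionalProperties", True) is not False:
                    findings.append(Finding(
                        "SPEC-MASS-001", "Request body accepts undeclared properties", "Medium",
                        pointer("paths", path, method, "requestBody", "content", ctype, "schema"),
                        ("OWASP API3:2023 Broken Object Property Level Authorization", "CWE-915")))
    return findings


def reconcile(existing: dict, rediscovered: list[Finding]) -> dict:
    """Merge rediscovered findings into the known set, keyed by (rule_id, location):
    suppressed statuses are not re-triggered, Remediated reopens, unknown ones open."""
    state = dict(existing)
    for f in rediscovered:
        key = (f.rule_id, f.location)
        prior = state.get(key)
        if prior is None:
            state[key] = f                          # brand-new finding, status Open
        elif prior.status in SUPPRESSED:
            continue                                # rediscovery does not re-trigger
        elif prior.status == "Remediated":
            state[key] = replace(prior, status="Open")   # issue came back: reopen
        # an Open finding stays Open
    return state


def demo() -> dict:
    """One upload, analyst triage of two findings, then a second upload of the same spec."""
    state = reconcile({}, evaluate_spec_upload(SAMPLE_SPEC))
    auth_key = ("SPEC-AUTH-001", pointer("paths", "/users/{id}", "put"))
    tls_key = ("SPEC-TLS-001", pointer("servers", "0", "url"))
    state[auth_key] = replace(state[auth_key], status="Risk accepted")
    state[tls_key] = replace(state[tls_key], status="Remediated")
    state = reconcile(state, evaluate_spec_upload(SAMPLE_SPEC))
    return {key: f.status for key, f in state.items()}
```

Running `demo()` shows the three statuses after the second upload: the risk-accepted authentication finding stays quiet, the remediated plaintext-HTTP finding is reopened because the server URL was never actually fixed, and the mass-assignment finding, never triaged, simply remains Open. The (rule_id, location) key is the detail that makes the status rules usable in practice: without a stable identity, a remediated finding cannot be told apart from a fresh one.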

Change status 

  1. Click the status dropdown menu.
  2. Select the new status.
  3. Click Update on the confirmation screen to confirm the new status.

Findings details

Click on a finding to view additional details, including why it was discovered and where in the specification file the issue occurred, if applicable.

Remediation

Assess your business needs before applying any remediation suggestions.

Address the security issues by following the recommended steps.

Compliance

The findings page also indicates which security frameworks correspond to each finding.
