Viewing Issues in Invicti Enterprise

This document is for:
Invicti Enterprise On-Demand, Invicti Enterprise On-Premises

The Issues window displays lists of vulnerabilities detected in scans run by your entire team. You can get an overview of Issues that have been assigned to you, those that are awaiting a Retest, and those that are Addressed.

  • Administrators and project managers benefit from an overview of all Issues, including the current State of each Issue and to whom it has been assigned.
  • You can send any issue to an issue tracking system that you integrated with Invicti.
  • You can see details of the HTTP Request and Response of an Issue.
  • You can update an issue's details, such as setting its status to Fixed (Unconfirmed) or Accepted Risk.

For further information, see Managing Issues in Invicti Enterprise.

You can also view issues using the Issues API Endpoints, enabling you to easily integrate with other applications or internal systems.

Issues lists

This table lists and explains the lists available from the submenus in the Issues window.

List

Description

To Do

This window displays a list of all the Issues that have been assigned to you. You can take action by fixing them, assigning them to someone else or changing their status.

  • The number next to the menu name indicates how many outstanding items you have on your To-Do list.
  • For each newly identified vulnerability, the Status column reads Present. Once you click Retest, it changes to Fixed (Unconfirmed).

Waiting for Retest

This window displays a list of all Issues whose State has been updated to Fixed (Unconfirmed). They are waiting to be tested automatically by Invicti Enterprise.

Addressed Issues

This window displays a list of all the Issues that have been addressed and whose State has been updated to one of the following:

  • Accepted Risk: Indicates that the Issue has been considered and is marked as a low-risk vulnerability
  • False Positive: Indicates that the Issue has been considered and is marked as not a genuine vulnerability
  • Fixed (Confirmed): Indicates that the Issue has been fixed and confirmed by Invicti Enterprise, and so requires no further action

Users with Manage Issues (Restricted) permission can only mark an Issue’s state as ‘Fixed (Confirmed)’.

All Issues

This window displays a list of all Issues detected in scans run by your entire team. The entire team can view all Issues in a scan report, even if they only have the Manage Issues (Restricted) permission.

Issues page fields

This table lists and explains the fields listed on the Issues page’s columns and on an individual Issue page.

Field

Description

Title/Issue

This is the name of the vulnerability, such as Internal Server Error.

Some issues are grouped, meaning they are reported only once per website. This help text is displayed in the Details window.

Severity

This is the vulnerability severity level. The options are:

  • Critical
  • High
  • Medium
  • Low
  • Information
  • Best Practice

For further information, see Vulnerability Severity Levels.

Website Group/Website

This is the name of the scanned website.

URL/Issue URL

This is either the website address of the scanned website or the URL of the detected issue.

First Seen

This is the date and time the issue was first detected.

Last Seen

This is when the issue was most recently detected.

Tags

This is the label given to an issue to group and/or give additional context. For further information, see Tagging issues in Invicti Enterprise.

Assignee

This is the name of the person who has been assigned the task. It may be:

  • The Technical Contact for the scanned website
  • The Team Member who initiated the scan
  • Any other member of the team

Retestable

This indicates whether the issue can be retested. For further information, see Managing Issues.

Status

This indicates the current status of the issue. All Issues are initially marked as Present.

  • Present – This indicates that the Issue has been present.
  • Accepted Risk – This indicates that the Issue has been considered and is marked as a low-risk vulnerability.
  • False Positive – This indicates that the Issue has been considered and is marked as not a genuine vulnerability.
  • Fixed (Unconfirmed) – This indicates that the Issue has been fixed but not confirmed by Invicti Enterprise.
  • Fixed (Confirmed) – This indicates that the Issue has been fixed and confirmed by Invicti Enterprise, and so requires no further action.
  • Fixed (Can’t Retest) – This indicates that the Issue has been found but Invicti cannot retest to confirm whether the Issue has been fixed or not.
  • Ignored – This indicates that the Issue was ignored by the user. In Invicti Enterprise, to ignore an issue, you update its status to “Accepted Risk”.
  • Revived – This indicates that the Issue had been fixed in previous scans but has been revived.
  • Scanning – This indicates that Invicti has been scanning the vulnerability.

For further information, see Addressed Issues and Issue Lifecycle.

Viewing issues in Invicti Enterprise

How to view all issues in Invicti Enterprise
  1. Log in to Invicti Enterprise.
  2. From the main menu, select Issues > All Issues.

For further information, see Issues Lists.

How to view issues assigned to you in Invicti Enterprise
  1. Log in to Invicti Enterprise.
  2. From the main menu, select Issues > To Do.

This page displays a list of all the issues that have been assigned to you.

For further information, see Issues Lists.

To export issue(s) to an issue tracking system, see Exporting a Vulnerability to an Issue Tracking System. Updating an issue? See Updating the Status of an Issue in Invicti Enterprise.

Filtering issues

Column Filters

All columns can be filtered, using a highly customizable combination of Fields, Operators, and Values. Each is explained below. This is useful for teams that manage the security of many websites.

Filters & Values

This table lists the filters and values available for the columns listed above. Select an option to filter the list by that criterion.

  • In many cases, values can be entered into the value field; in others, the value can be selected from a drop-down menu.
  • You can enter more than one filter at a time.

Field

Description

Value

Title

Select to filter issues by their title.

Enter a value.

Severity

Select to filter issues by severity.

The drop-down options are:

  • (Not Set)
  • Critical
  • High
  • Medium
  • Low
  • Information
  • Best Practice

Website Group

Select to filter issues by the website group.

Enter a value.

Website

Select to filter issues by the website.

Enter a value.

First Seen

Select to filter issues by the first seen date.

Select a date.

Last Seen

Select to filter issues by the last seen date.

Select a date.

Tags

Select to filter issues by tags.

Enter a value.

Assignee

Select to filter issues by the assignee.

Enter a value.

Retestable

Select to filter issues by whether they can be retested.

The drop-down options are:

  • (Not Set) 
  • Yes 
  • No

Status

Select to filter issues by their status.

The drop-down options are:

  • (Not Set) 
  • Accepted Risk
  • False Positive
  • Fixed (Unconfirmed)
  • Fixed (Confirmed)
  • Fixed (Can’t Retest)
  • Ignored 
  • Revived
  • Scanning

State

Select to filter issues by their state.

The drop-down options are:

  • (Not Set) 
  • New
  • Not Found
  • Not Fixed
  • Fixed
  • Revived

Opened By

Select to filter issues by their opened date.

Select a date.

Addressed

Select to filter issues by whether they have been addressed or not.

The drop-down options are:

  • (Not Set) 
  • Yes 
  • No

Operator

This table lists and explains the Operators available for filtering columns. Each Operator works in conjunction with a Field and a Value.

Operator

Description

Equal

This operator can be used for exact matching. 

Not Equal 

This operator can be used to exclude results based on an exact match.

Contains

This operator can be used to include results if the filtered column contains the value. 

Not Contains

This operator can be used to exclude results if the filtered column contains the value.

Starts with 

This operator can be used to filter for columns that begin with the value. 

Ends with 

This operator can be used to filter for columns that end with the value. 

Less than 

This operator can be used to filter columns that contain numeric and date-time values rather than string values. 

Less than or equal 

This operator can be used to filter columns that contain numeric and date-time values rather than string values. 

Greater than or equal 

This operator can be used to filter columns that contain numeric and date-time values rather than string values. 

Greater than

This operator can be used to filter columns that contain numeric and date-time values rather than string values. 

How to filter issues in Invicti Enterprise
  1. From the main menu, select Issues > All Issues.
  2. From the Issues page, select the filter button next to any column header.
  3. Select Clear to clear all fields.
  4. Add a New Filter.
  5. In the filter, where relevant:
       • From the Field drop-down, select Tag.
       • From the Operator drop-down, select an option.
       • In the Value field, enter a value.
  6. Select Apply.
