Audits
Last updated
Last updated
The audit provides you with a comprehensive, standardized and versioned evaluation of the penetration tests you have carried out.
Under the assigned alias or the name of the pentest, you can see the current status of the penetration test in addition to the creation and modification date:
Finished: The pentest was carried out as planned.
In Progress: The pentest is still running. You can see the time already elapsed, the estimated time remaining and the number of completed targets, targets in progress and outstanding targets in the table.
Error: Problems have occurred during execution (e.g. the connection to the hacking gate has been interrupted). If this is the case, check the configurations and restart the pentest.
After the penetration test has been carried out, you will receive general data on the audit in the overview. Among other things, you can already see the number of checks carried out, including their urgency.
To access the audit details, click on the respective audit.
Create an audit export to download your audit. To do this, click on the corresponding button. Assign a name in the overlay that appears and select the appropriate format. Here you have the choice between:
CSV
JSON
XML
Finally, click on "Create export" to download the audit. If required, you can also repeat the pentesting by clicking on the corresponding button in the top right-hand corner.
Please note that old audits CANNOT be mapped in the new UI. For this reason, please create and save your existing reports first and only then switch to the beta version!
The left-hand window summarizes the metadata of the audit performed. You will receive information about:
Starting point of the audit
Name of the Hacktor
Selected audit definition
Tested target Groups
Auth Providers
IP addresses of the targets
Click on the information to access the desired views.
On the right-hand side you will find clear presentations of the audit results.
Risk over time per audit by Audit Definition
The view brings together the risk score of all audits carried out according to the same audit definition and provides you with a quick overview of the development of the risk score over time. Obtain more detailed information by moving the cursor to the desired bar. Drag a field with your cursor to create a zoom view.
Severities
Find out at a glance how many findings were assigned to which severity level.
Affected areas
Here you will find a breakdown of how many findings of which severity levels are newly affected by the listed services. For detailed information, click on the desired service or value to access the summary.
Affected categories
The situation is similar with "Affected categories", where the breakdown of severity levels refers to affected categories.
Top #20 riskiest targets
The two lower views are used to quickly identify the most vulnerable targets. The scatter plot classifies the affected targets visually according to risk score. The adjacent table lists the corresponding hosts. Click on one of the listed hosts to go to the target view.
A summary provides you with a cross-target system view of the entire pentest. Here you get a detailed insight into all findings. Each check carried out is displayed and all targets are summarized. Customize the results output to your requirements by using the free field search. Display specific entries or select the desired filters in the filter view on the left. You can choose from the following main categories:
Severity
Checks
Targets
Ports
Scope
Category
Click on the desired top category in the filter list to select all variables in this category. Clicking on a result opens an overlay which displays detailed information. At the top of the overlay, you will once again receive information about the vulnerability in question and below it, how it can affect you. Below this you will find information on the following metadata:
Severity (classification as high, low, medium or ok)
Risk Score (correlation of number of results and criticality)
Category (indication of applicable category)
Scope (applicable technology)
Vendor (manufacturer of the affected product)
Product (the affected product)
Version (information on the version used)
A target-based presentation of the findings awaits you here. On the left-hand side, you will find a list of all pentested targets, including the associated risk score. The middle view contains metadata as well as a list of open ports and affected services.
Clicking on a variable sets a filter and displays the corresponding results in the right-hand column. A free field search is also available here; use this to display the corresponding results. You can change the sort order of your results by clicking on the symbol to the left of the search field.
Add comments to issued checks. To do this, click on the hand symbol next to the relevant check. This opens a new pop-up window. Enter a comment in this window. Below this, you have the option of making configurations. Decide how the comment should be handled in future:
Also apply to future audits
Apply to all targets
Apply to all urgencies
Apply to all ports
Finally, save your settings by clicking on the "Add appeasement" button.
Use Delta to compare the results of two audits of the same audit definition. Use the delta function to find out how the risk score has changed and which weaknesses have already been addressed or have been added.
Select a reference audit from the drop-down menu. You will then be taken to the Delta view and receive a detailed comparison view of both audits. At the top left you have the option to change your reference audit, select an audit from the list in the drop-down menu. You will see the current audit on the left-hand side and the previously selected reference audit on the right-hand side. In addition to the respective risk scores, the green and red markers tell you what has changed in the detected weaknesses or which characteristics have remained the same.
Red: Red markers show which information can no longer be viewed. Green:
Green: Green markers show which vulnerabilities have been added.