Vulnerabilities appearing in an environment are represented in Resolve as findings.
A finding is comprised of two key pieces — a specific vulnerability and the asset, which is the location where the vulnerability was discovered. An asset could be an IP address, a URL, or an application.
Every finding in Resolve contains one or more instances. An instance is a single occurrence of a detected vulnerability on a specific asset. A finding rolls up these instances in one place, allowing you to track instances as a single entity. This helps to pool and focus efforts rather than opening up multiple tickets to track the remediation of each individual instance. Findings also help ensure consistency by using a normalized definition of the vulnerability.
A physical analogy can be used to help describe the data structure conceptually. Let's take an example of a house as an asset. The house has many exterior and interior doors. You could test each of the doors on the outside to determine if they are locked. If any of the doors are unlocked, you would have a finding such as "Unlocked door." The finding allows you to track that the house has a problem with unlocked doors. Which doors are unlocked is also important information. An unlocked front door, side door, and back door are treated as separate instances
Let's expand the example to take a whole neighborhood. In the neighborhood, every house is checked for unlocked doors. Each house that is found to have one or more unlocked doors is reported as a finding similar to "Unlocked doors." Each house may have different doors that are unlocked, tracked as unique instances.