A master finding is a generic vulnerability type that crosses all business units, projects, and workspaces.

A master finding contains all of the relevant information about a vulnerability without being specific to any asset or environment. This includes a description of the vulnerability, assessed business impact, and severity. A master finding might also include remediation, verification, or exploitation instructions as well as references to external sources, such as a Microsoft bulletin.

Selection of master finding examples
  • SQL injection
  • Cross-site scripting (XSS)
  • Patch missing
  • Information disclosure
  • Vulnerable TLS version

Master findings are automatically created when test or scan data is imported for a specific vulnerability that has not been encountered before. A newly created master finding copies the available information from the scanner as a placeholder until it can be updated with information from a penetration tester or other qualified resource. If findings for the same vulnerability are imported into Resolve later, they are automatically correlated to that master finding.

Resolve also has built-in findings that you can leverage. This pre-existing data set has all of the most common vulnerabilities with NetSPI definitions.

You are not required to use the definitions provided by NetSPI or master findings created from imported data; you can create and define your own master findings. You can also modify any existing master findings to suit the needs of your environment.

Master finding relationship

The illustration shows the relationship in Resolve between master findings, assets, instances, and findings.

Master finding variations

The information used in a master finding, such as the description, instructions, and references, comes from the associated master finding variation. You can add variations to a master finding that contain different information.

For example, suppose the same vulnerability has been discovered on several different web servers in your organization's environment. These servers are not in the same network segment or even in the same site or department. Because of this, the process of verifying and remediating the vulnerability differs depending on where the server is located. Instead of maintaining separate master findings for these cases, you can create a variation for each case, all belonging to the same master finding.

Correlation references

A correlation reference is a construct used by Resolve to link a finding to a master finding. A correlation reference also provides historical details about a master finding as it was originally imported, including information about the tool that generated it. Effectively, it's a carbon copy of the master finding at the time of creation that preserves the original data. The correlation reference also preserves the relationship of the original finding to the master finding.

Correlation references are an important part of the correlation feature. For more information, see How correlation works.
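The import and correlation behavior described above can be modeled in a few lines. This is an added illustration, not Resolve's code or API: the class names, the `(tool, vuln_id)` correlation key, and the sample records are all assumptions constructed for the example.

```python
from copy import deepcopy
from dataclasses import dataclass, field

@dataclass
class CorrelationReference:
    tool: str          # tool that generated the original finding
    tool_vuln_id: str  # that tool's own identifier (assumed correlation key)
    original: dict     # copy of the data exactly as first imported

@dataclass
class MasterFinding:
    name: str
    description: str
    severity: str
    placeholder: bool = True  # scanner text until a tester updates it
    references: list = field(default_factory=list)

class FindingLibrary:
    def __init__(self):
        self.masters = []
        self._by_key = {}  # (tool, tool_vuln_id) -> MasterFinding

    def import_finding(self, tool, record):
        """Return (finding, created): the finding is asset-specific, the master is not."""
        key = (tool, record["vuln_id"])
        master = self._by_key.get(key)
        created = master is None
        if created:  # first time this vulnerability is seen: create a placeholder
            master = MasterFinding(record["name"], record["description"], record["severity"])
            master.references.append(CorrelationReference(tool, record["vuln_id"], deepcopy(record)))
            self.masters.append(master)
            self._by_key[key] = master
        return {"asset": record["asset"], "master": master}, created

    @staticmethod
    def curate(master, description, severity):
        """A tester replaces the placeholder text; correlation references are untouched."""
        master.description, master.severity, master.placeholder = description, severity, False

# Constructed sample import: one vulnerability reported on two assets.
SAMPLE = [
    {"vuln_id": "EX-0001", "name": "Vulnerable TLS version", "severity": "Medium",
     "description": "scanner text: TLS 1.0 enabled", "asset": "web01.example.test"},
    {"vuln_id": "EX-0001", "name": "Vulnerable TLS version", "severity": "Medium",
     "description": "scanner text: TLS 1.0 enabled", "asset": "web02.example.test"},
]

def demo():
    lib = FindingLibrary()
    results = [lib.import_finding("example-scanner", r) for r in SAMPLE]
    lib.curate(lib.masters[0], "Curated description from a penetration tester", "High")
    return lib, results
```

After `demo()` runs, both findings point at one master finding whose text has been curated, while the correlation reference still holds the scanner's original description.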