The following high-level steps describe the general workflow of the Workbench module.
- Create a project in Workbench, which contains findings and project data.
- Create or use a pre-defined project checklist. A checklist tracks the work of users involved in the project, such as pentesters. Work tracked can include tasks performed, findings discovered, and other data. You can configure checklists to be automatically assigned to projects based on the project type.
- Import your scan and test data into a project workspace.
- Review reported instances, prioritizing based on finding severity. Typically, findings correlated to master findings with the highest severities are reviewed first. You can also use items in the project checklist as a starting point.
- Update finding and instance information, including severity, as needed.
- Identify false positives and findings to be correlated.
- Verify which findings are legitimate vulnerabilities that could be exploited.
- Update the state of verified findings and instances to final.
- After all findings have been reviewed, publish verified findings to the Track module for remediation workflow.