A particular location that a vulnerability could be found, such as an IP address, a web server, or a source code file.
A container for related data and projects. A business unit can represent a company, a department or business unit, or something as specific as an individual application or network.
A list of items that must be followed throughout the course of a project.
The association of findings belonging to a specific vulnerability to a Resolve master finding.
Common Platform Enumerations
For more information, see https://nvd.nist.gov/products/cpe.
Common Vulnerabilities and Exposures.
For more information, see https://cve.mitre.org/.
Common Vulnerability Scoring System.
For more information, see https://www.first.org/cvss/.
Common Weakness Enumeration.
For more information, see https://cwe.mitre.org/.
A container for data imported from a scanning or testing tool.
A file related to a project, such as a report or scope information.
The act of taking advantage of a vulnerability.
A single occurrence of a detected vulnerability on a particular asset.
|Global Instance||The first published instance in a set of duplicates.|
|Duplicate Instance||An instance that has already been discovered before, paired with a Global Instance.|
An area in a Resolve workspace that contains an organized list of findings.
A construct used by Resolve to link a finding to a master finding.
A container for instances belonging to a particular combination of asset and master finding.
An instance created manually instead of automatically imported from scan data.
A generic vulnerability write-up that crosses all workspaces, projects, and organizations. A master finding contains all of the relevant information about a vulnerability without being specific to any asset or environment.
Master finding variation
A component of a master finding that determines the information associated with a finding, such as the vulnerability description, business impact, instructions, and references.
National Institute of Standards and Technology.
For more information, see https://www.nist.gov/.
National Vulnerability Database.
For more information, see https://nvd.nist.gov/.
A container for data and information related to penetration tests and vulnerability scans. This includes data sources, assets, checklists, documents, and workspaces.
Open Web Application Security Project.
For more information, see https://www.owasp.org.
A list of questions used to identify key information about the project, such as what needs to be scanned or tested.
The potential loss or damage resulting from an vulnerability being exploited.
The intent to cause harm or damage to an asset.
A confirmation of a vulnerability fix.
See Master finding variation.
Evidence that a vulnerability exists on an asset as described by a reported instance.
A security flaw found on an asset.
A data container to review, manage, and update findings.