Application Level

The Application Level page in the Analytics section provides an in-depth analysis of the security posture of a specific application. Select the application, the relevant code branch, and the specific scan result from the Application, Branch, and Scan dropdowns, respectively. To refresh the application scan information, click Refresh.

The following information is displayed for the selected application.

  • OWASP Vulnerabilities - Displays the total number of vulnerabilities detected that align with the OWASP Top 10 list. Percentage change indicates the increase/decrease in the number of vulnerabilities since the previous scan. Click the arrow to view detailed information in list or distribution graph formats.

  • SANS Vulnerabilities - Displays the total number of vulnerabilities detected that align with the SANS Top 25 list. Percentage change indicates the increase/decrease in the number of vulnerabilities since the previous scan. Click the arrow to view detailed information in list or distribution graph formats.

  • FortiGuard Outbreaks - Displays the total number of FortiGuard Outbreak Alerts detected. FortiGuard Outbreak Alerts identified by FortiGuard Labs provide critical information about ongoing cybersecurity attacks with significant potential impact. Percentage change indicates the increase/decrease in the number of vulnerabilities since the previous scan. Click the arrow to view detailed information.

  • Supply Chain Threats - Displays the total number of supply chain threats detected. A supply chain threat is a potential risk or vulnerability within the production and distribution process that can compromise the security, integrity, or availability of products, services, or data. Percentage change indicates the increase/decrease in the number of vulnerabilities since the previous scan. Click the arrow to view detailed information.

  • Latest Scan - Displays the risk meter, risk rating, severity level, and vulnerability counts by severity.

  • Scan Comparison - Displays a comparison of the latest scan with the previously selected scan. You can select the scan result of any prior scan from the dropdown for comparison. The following metrics are provided.

    • New Threats - Vulnerabilities detected in the latest scan but not the previous one.

    • Fixed - Vulnerabilities present in the previous scan that have been resolved.

      Note: When resolving a vulnerability, address all similar occurrences to ensure they are fixed.

    • Common - Vulnerabilities present in both scans.

    • Risk rating level - Indicates if the risk rating has increased, decreased, or remained the same (the risk rating level is not color coded to indicate severity).

  • Vulnerability Status Distribution - Displays the percentage of vulnerabilities in each status (New, Confirmed, In Review, Reopened, Fixed, Risk Accepted, False Positive, Removed). Select the severity checkbox to filter data.

  • Open vs. Fixed Vulnerabilities - Displays the percentage of open and fixed vulnerabilities grouped by severity.

  • Top Ten Vulnerability Findings - Lists the top ten vulnerability findings with the highest count or the highest risk ratings. Use the dropdown to sort By Risk Rating or By Vulnerability Count.

  • Indexed Scan Time vs Lines of Code - Displays the number of lines of code scanned and the average scan time in hours over the selected period for the application. Choose between 3, 6, or 12 months from the dropdown.

  • Risk Rating Trend - Displays how the application's risk rating has changed over time. Choose between 3, 6, or 12 months from the dropdown.
