When viewing scan result sets or vulnerabilities in the AppCheck Portal it is possible to apply changes (such as reporting a False Positive or assigning vulnerabilities to a user) to multiple vulnerabilities in a single action.
The available actions are listed at the top of the table, and apply to all vulnerabilities currently displayed.
In the above example, clicking "Assign user" would allow us to assign all 92 displayed vulnerabilities to a chosen user:
Selecting Vulnerabilities
To select a subset of the displayed vulnerabilities, and perform actions on that subset, filters can be applied to the table.
Available and active filters are shown above the table. In this example:
- A search filter has been applied: "Attack URL" starts with "http://localhost:8686/xss"
- Medium, Low and Info levels have been deselected, leaving only High selected
- A filter is applied to Status to show only Unfixed vulnerabilities (this filter is active by default)
Adding Filters
Filters can be added in a number of ways.
Impact
The rectangles above the table labelled "High", "Medium", "Low" and "Info" show the number of vulnerabilities of that Impact. Clicking one of these rectangles toggles the display of those vulnerabilities. For example, to show only High Impact vulnerabilities, click the rectangles so that High is ticked and Medium, Low and Info are not.
Searches
Searches narrow down the displayed results by matching vulnerability values against a pattern you specify, such as where the vulnerability Title begins with a certain word, or the CVSS V3 Score is a certain number or higher.
The Search box allows you to create custom searches by specifying a field, an operator and a value.
Creating a New Search Manually
- Click the search box to be presented with a list of fields to choose from
- Select one of those fields (such as "Title" or "CVSS V3 Score") to be presented with a list of operators (such as "greater than" or "starts with")
- Select an operator
- Type a value
For example:
- "Title" starts with "Reflected"
- "CVSS V3 Score" is greater than "4"
Click in an empty area of the search bar to add another search. Click on an existing search to edit it.
Filters
Filters are similar to searches, but operate on fields which have a set number of possible values (such as vulnerability status).
Filters apply exact matches, such as "Status" is "Unfixed" (the default filter), but you may select multiple possible values for each field, such as "Status" is "False Positive or Acceptable Risk".
Creating a New Filter Manually
Click the New Filters button to see a list of available filters:
Adding Searches and Filters from the Table
As well as creating searches and filters manually, you can create them by clicking certain fields in the vulnerabilities table.
Hover the mouse over a vulnerability in the table to see the available filters:
In this example, the filter icon (a grey funnel) appears over the CVSS Score, Attack URL, Query and Assignee fields.
Clicking one of these filter icons will present a list of options to generate an appropriate search/filter:
Once created, the search/filter will be applied to the table and shown above:
Saving Searches and Filters
To save your searches and filters, click New Filters, then Save Filter.
To load saved searches and filters, click Load Filters.