Findings Library

The Findings Library serves as a centralized repository for security findings in SPEAR. It provides structured storage for vulnerabilities, weaknesses, and strengths, along with sophisticated auto-mapping rules to automatically categorize imported findings.

Overview

The Findings Library enables teams to:

• Maintain a consistent library of security findings
• Standardize vulnerability descriptions and remediation guidance
• Automatically map imported scan results to custom findings
• Organize findings into logical categories
• Track validation status and quality control

Vulnerabilities

🖥️ Vulnerabilities List Interface Screenshot

Vulnerabilities represent specific security issues that can be exploited. They form the core of security assessments and reports.

Fields

Field	Type	Description
Title	Text	Descriptive name of the vulnerability
Description	Rich Text	Detailed technical description
Observation	Rich Text	What was observed during testing
Risk Assessment	Rich Text	Impact analysis and risk evaluation
Remediation	Rich Text	Steps to fix the vulnerability
Severity	Select	Critical, High, Medium, Low, Informational
CVSS Score	Number	Common Vulnerability Scoring System (0.0-10.0)
CVSS Vector	Text	CVSS vector string for score calculation
CVE IDs	Array	Associated Common Vulnerabilities and Exposures
CWE IDs	Array	Associated Common Weakness Enumeration
Category	Relation	Organizational category
References	Array	External reference links
isPrebuilt	Boolean	System-provided vs. user-created

Validation Workflow

Vulnerabilities progress through validation states:

State	Description
draft	Initial state, finding created but not validated
validated	Finding reviewed and approved for use
rejected	Finding rejected, requires revision

Import Sources

SPEAR supports importing vulnerabilities from major security tools:

Tool	Format	Description
Burp Suite	XML, HTML	Web application scanner results
NodeZero	CSV	Autonomous penetration testing
Nexpose	XML	Rapid7 vulnerability scanner
BloodHound	ZIP	Active Directory attack paths
Nessus	XML	Tenable vulnerability scanner
Nuclei	JSON	Template-based scanning
SPEAR Format	JSON	Standardized import format

Weaknesses

🖥️ Weaknesses Management Interface Screenshot

Weaknesses represent broader security issues that aren’t tied to specific exploitable vulnerabilities. They describe systemic problems or gaps in security controls.

Fields

Field	Type	Description
Title	Text	Descriptive name of the weakness
Description	Rich Text	Detailed description of the weakness
Impact	Rich Text	Potential business impact
Recommendations	Rich Text	Suggested improvements
Category	Relation	Organizational category
Severity	Select	Critical, High, Medium, Low, Informational

Use Cases

• Missing security controls (e.g., no MFA enforcement)
• Process deficiencies (e.g., lack of patch management)
• Configuration issues (e.g., default credentials policy)
• Compliance gaps (e.g., missing audit logging)

Strengths

🖥️ Strengths Interface Screenshot

Strengths represent positive security findings and good practices observed during assessments. They provide balanced reporting by highlighting what the organization does well.

Fields

Field	Type	Description
Title	Text	Descriptive name of the strength
Description	Rich Text	Detailed description
Value Proposition	Rich Text	Why this is beneficial
Category	Relation	Organizational category

Use Cases

• Effective security controls (e.g., robust input validation)
• Good practices (e.g., regular security training)
• Strong configurations (e.g., hardened server settings)
• Mature processes (e.g., incident response procedures)

Categories

Categories organize findings into logical groups for easier management and reporting.

Default Categories

• Web Application Security
• Network Security
• Infrastructure Security
• Physical Security
• Social Engineering
• Mobile Application Security
• Cloud Security
• Identity and Access Management

Custom Categories

Create custom categories to match your organization’s taxonomy:

1. Navigate to Reports > Findings > Categories
2. Click New Category
3. Enter name and optional description
4. Assign color for visual identification

Auto-Mapping Rules

🖥️ Auto-Mapping Rules Configuration Screenshot

Auto-mapping rules automatically map imported vulnerabilities from scanning tools to your custom findings library. This ensures consistency and saves time when processing large scan results.

How It Works

1. Vulnerabilities are imported from external tools
2. Auto-mapping rules evaluate each imported finding
3. Matching rules link imported findings to library entries
4. Mapped findings inherit standardized descriptions and remediation

Match Criteria

Rules can match on multiple criteria:

Criterion	Match Type	Description
Title	Fuzzy/Exact	Match vulnerability title patterns
CVE ID	Exact	Match specific CVE identifiers
CWE ID	Exact	Match CWE identifiers
Severity	Exact	Match severity level
Category	Exact	Match finding category
Source Tool	Exact	Match import source

Rule Priority

Rules are evaluated in priority order (lower number = higher priority). The first matching rule wins.

Creating Rules

1. Navigate to Reports > Findings > Auto-Mapping
2. Click New Rule
3. Configure match criteria:
   • Set title pattern (supports wildcards)
   • Add CVE/CWE filters
   • Select severity constraints
4. Select target finding from library
5. Set priority (default: 100)
6. Test rule against sample data
7. Save and activate

Testing Rules

Before activating, test rules against existing imported data:

1. Click Test Rule on the rule editor
2. Review matched findings
3. Verify false positive rate
4. Adjust criteria as needed

Findings Review

🖥️ Findings Review Workflow Screenshot

The review workflow provides bulk validation capabilities for quality control.

Review Process

1. Navigate to Reports > Findings > Review
2. Filter by status (draft, pending review)
3. Select findings for bulk review
4. Apply validation decision:
   • Approve - Mark as validated
   • Reject - Mark for revision
   • Request Changes - Add notes and return to author

Bulk Operations

• Select multiple findings with checkboxes
• Apply same validation status to all selected
• Add shared validation notes
• Assign to reviewer

Integration with Reports

Inserting Findings

Findings from the library can be inserted into reports:

1. Open report section editor
2. Access findings picker (toolbar button)
3. Search or browse library
4. Select finding(s) to insert
5. Content populates in editor

Linked vs. Copied

• Linked - Changes to library finding update report
• Copied - Finding content copied, no ongoing link

Findings Sections

Report templates can include dedicated findings sections that:

• Display findings table with severity breakdown
• Auto-populate from mapped operations data
• Support custom grouping and sorting

Best Practices

Maintain Consistent Naming

Use clear, consistent naming conventions for findings:

• Start with the issue type (e.g., “SQL Injection in…”)
• Include affected component or location
• Avoid overly generic titles

Write Actionable Remediation

Remediation guidance should be:

• Specific and actionable
• Include code examples where appropriate
• Reference best practices and standards
• Provide verification steps

Use Categories Effectively

• Group related findings logically
• Don’t create overly granular categories
• Review and consolidate periodically

Tune Auto-Mapping Rules

• Start with high-confidence exact matches
• Add fuzzy matches for known variations
• Monitor false positive/negative rates
• Refine rules based on import results