Scans and vulnerabilities
A high-level user guide for creating a scan and reviewing vulnerabilities
Scans are at the heart of the ProjectDiscovery Cloud Platform (PDCP). After adding assets, select the templates you want to use, and complete the scan details to start checking your tech stack for exploitable vulnerabilities.
On Scans, the three sections (sub-tabs) are Scans, Results, and Configurations.
- Scans - view all of the scans you, or your team created.
- Results - a summary of all scan results in a unified view.
- Configurations - explore integrations for alerting and ticketing, scan settings, and template options. (Check out the Integrations page for details.)
Scans
The Scans tab provides a summary of your scan data and displays a list of all of your created scans. These results can be explored using search and filtering.
The Scans section also includes the Create Scan and Connect to local Nuclei options.
Creating a Scan
From the Scans tab select Create New Scan to open the creation workflow.
For advanced scan configurations, check out Integrations we support for Jira, Slack, and more.
Select Assets
Select from existing Assets or add new assets.
Choose your templates
Choose the templates you want to use for scanning.
- Template Profiles (groups of templates for a specific category)
- Custom Templates (from the full Nuclei template library or any custom templates)
Finalize configuration
Provide a name, select a scan frequency, and complete any additional configurations (integrations, configurations, or variables).
Create your scan
Click Create Scan to start your new scan. This scan will be added to the Scans page with an in-progress status until it completes and provides the results of the scan with any vulnerabilities.
Results (Vulnerabilities)
All Scans
The main Results section of Scans displays the summarized results of all the scans in your environment.
Your results can be explored and refined through the categories (Vulnerabilities, Info, Affected Assets) or through filtering (Status, Severity, Host)
Individual Scans
To view the results of an individual scan, select that scan from the Scans page by clicking on the name. This displays the results of that scan and includes categories (Vulnerabilities, Info, Affected Assets) or filtering (Status, Severity, Host) to explore the details of the individual scan.
Select the Logs tab to view scanning logs with information around time, assets, detection template, and match results. The Logs also include error information to assist with any troubleshooting.
Vulnerabilities
From the results view (all or individual) selecting a vulnerability expands to show you the complete details including the template(s), assets, and detection information. From the results page you can:
- Export your vulnerabilities (JSON, CSV, PDF)
- Modify the status of the vulnerabilities (false positives/closed)
- Retest individual vulnerabilities
- Review the template used to identify vulnerabilities
Click on the individual vulnerability to review detailed information, including remediation recommendations.
Configurations
Configurations is where all of our scanning-based integrations are available. The Configurations section includes individual pages for each category outlined below:
- Alerting - currently supports integrations with Slack, MS Teams, Email, and Custom Webhooks. These great features can connect the scanning data with your teams through automation.
- Ticketing - currently supports integrations for Jira, GitHub, and GitLab. Use these integrations to create something as simple as an email notification, or integrate with Jira to create tickets based on your scan results.
- Scan - configure custom http headers, template variables, and custom interactsh server for your scans.
- Template - review our built in template configurations or create a new template configuration with template filters to include or exclude based on severity, tags, protocol, and template ID
Was this page helpful?