
Attack Paths

The Attack Paths page is the triage surface for every vulnerability discovered in a module. Each row is a single finding with its full attack chain attached, from the entry point to the exploited node.

It is available under both:

  • Modules → External Assessment → Attack Paths

  • Modules → Internal Assessment → Attack Paths

Findings list

The list groups findings into three triage tabs. Each tab shows a live count for the currently applied filters.

  • Valid: Confirmed findings that need attention. Default tab.

  • False Positives: Findings the Validator (or a reviewer) marked as not exploitable.

  • Duplicates: Findings that re-state an already-reported issue. Each duplicate links back to its original.

An "N findings total" indicator on the right shows the combined count across all three tabs for the current filter set.

Filters

The filter bar above the tabs scopes every tab simultaneously.

  • Search: free-text match against vulnerability name (debounced).

  • Domain (external) / Subnet (internal): multi-select. You must pick at least one target before findings load.

  • Type: vulnerability category (XSS, SSRF, Auth Bypass, etc.).

  • Severity: Critical, High, Medium, Low, or Informational.

  • Sort: Critical first or Informational first.

Selected domains and subnets persist across navigations within the session.

Row layout

Each row shows: severity pill, vulnerability name, type, target host/path, and discovery date. Clicking a row opens the Finding detail page for that vulnerability.


Finding detail page

Selecting a finding opens a dedicated report page at:

This page is a full vulnerability report, designed to be read top-to-bottom, exported, or shared. The right-hand sidebar holds properties, actions, and a jump-to navigator.

The top of the report shows:

  • Breadcrumb back to the findings list

  • Vulnerability name (with target host appended)

  • Severity pill, CWE, published date, and a Verified badge if the Validator confirmed the finding

Duplicate banner

If the finding is a duplicate, a banner at the top names the original it duplicates (clickable) and shows the LLM-generated reason for the duplicate match.

Sections

  1. Summary: Markdown-rendered vulnerability description.

  2. Details: CVSS score, CVE ID, CWE, type, target, and discovery date.

  3. AI Reasoning: a staged timeline of how the Copilot arrived at this finding.

  4. Remediation: suggested fix, rendered from Markdown.

  5. References: auto-linked CVE (NVD), CWE (MITRE), and any external reference URLs.

  6. Attack Path: opens the full graph drawer (see below).

The right-hand sidebar contains:

  • Properties: severity, CVSS, CVE, CWE, type, target, date, verified status.

  • Status pill: change the finding between Valid, False Positive, and Duplicate. Requires the vulnerabilities.update_status permission.

  • View Attack Path: opens the graph drawer in read-only mode.

  • Retest: opens the graph drawer in retest mode. Requires the scans.retest permission.

  • Jump to: quick links to every section of the report. When indicator hits exist, a highlighted shortcut group lists each hit modification individually. The sidebar can be collapsed with the chevron in its top bar.


Attack path drawer

The drawer renders the full chain of nodes for the finding.

View mode

Read-only graph for inspecting the chain. Useful for understanding how the Copilot reached the vulnerability.

Retest mode

Toggle Retest mode in the drawer to:

  1. Pick a start node anywhere in the chain. The retest will replay every step from that node onward.

  2. (Internal assessments) select the agent that should run the retest.

  3. (External assessments) optionally pin a browser session.

  4. Click Start retest to enqueue. Retest results flow back into the same finding and update its verification status. The button is disabled if your role lacks scans.retest.


Status workflow

  • Valid: Default for new Copilot-confirmed findings.

  • False Positive: Mark when manual review shows the vulnerability isn't exploitable. Moves the finding to the False Positives tab.

  • Duplicate: Use when the finding repeats one already reported. Pair with the duplicate metadata so the report links back to the original.

Status changes are written immediately and reflected on the list (counts and tab membership update) without a page reload.
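The following is an added example, not the product's own code, that models the behaviour described in the Findings list, Filters and Status workflow sections: one filter set scoping all three tabs, live per-tab counts plus the combined total, the rule that no findings load until a target is selected, and status changes gated on the vulnerabilities.update_status permission with a Duplicate required to link back to its original. The Finding fields, the severity ordering, the TriagePermissionError type and the sample findings are assumptions constructed for illustration.

```python
"""Model of the Attack Paths triage list (added example; field names are assumed)."""
from dataclasses import dataclass
from typing import Optional

# Sort order used by the "Critical first" / "Informational first" control (assumed).
SEVERITY_ORDER = ["Critical", "High", "Medium", "Low", "Informational"]
# The three triage tabs; a finding's status decides which tab it sits in.
TABS = ("Valid", "False Positive", "Duplicate")


class TriagePermissionError(Exception):
    """Raised when the acting role lacks the permission a sidebar action needs."""


@dataclass
class Finding:
    id: str
    name: str
    type: str                      # vulnerability category, e.g. XSS, SSRF, Auth Bypass
    severity: str                  # one of SEVERITY_ORDER
    target: str                    # domain (external) or subnet (internal)
    status: str = "Valid"
    duplicate_of: Optional[str] = None   # id of the original when status is Duplicate
    duplicate_reason: str = ""           # reason shown in the duplicate banner


def apply_filters(findings, targets, search="", type_=None, severity=None,
                  sort="critical_first"):
    """Scope findings by the filter bar. Returns [] until at least one target
    (domain or subnet) is selected, mirroring the page's loading rule."""
    if not targets:
        return []
    q = search.lower()
    scoped = [f for f in findings
              if f.target in targets
              and (not q or q in f.name.lower())
              and (type_ is None or f.type == type_)
              and (severity is None or f.severity == severity)]
    # Stable sort keeps discovery order among equal severities.
    scoped.sort(key=lambda f: SEVERITY_ORDER.index(f.severity),
                reverse=(sort != "critical_first"))
    return scoped


def tab_counts(scoped):
    """Live count per tab for the current filter set, plus the 'N findings total'."""
    counts = {tab: sum(1 for f in scoped if f.status == tab) for tab in TABS}
    counts["total"] = len(scoped)
    return counts


def set_status(finding, new_status, user_permissions, duplicate_of=None, reason=""):
    """Change a finding's status. Requires vulnerabilities.update_status; a
    Duplicate must carry the id of the original so the report can link back."""
    if "vulnerabilities.update_status" not in user_permissions:
        raise TriagePermissionError("vulnerabilities.update_status required")
    if new_status not in TABS:
        raise ValueError(f"unknown status {new_status!r}")
    if new_status == "Duplicate":
        if not duplicate_of or duplicate_of == finding.id:
            raise ValueError("Duplicate status needs the id of the original finding")
        finding.duplicate_of, finding.duplicate_reason = duplicate_of, reason
    else:
        finding.duplicate_of, finding.duplicate_reason = None, ""
    finding.status = new_status
    return finding


def triage_demo():
    """Constructed sample data: mark one XSS as a duplicate and return the
    tab counts before and after, as the list would show them without a reload."""
    sample = [
        Finding("f1", "Reflected XSS in search", "XSS", "Medium", "example.test"),
        Finding("f2", "SSRF via image fetcher", "SSRF", "High", "example.test"),
        Finding("f3", "Auth bypass on admin panel", "Auth Bypass", "Critical", "intranet.test"),
        Finding("f4", "Reflected XSS in search (alt param)", "XSS", "Medium", "example.test"),
    ]
    reviewer = {"vulnerabilities.update_status"}
    before = tab_counts(apply_filters(sample, ["example.test"]))
    set_status(sample[3], "Duplicate", reviewer, duplicate_of="f1", reason="same sink")
    after = tab_counts(apply_filters(sample, ["example.test"]))
    return before, after


if __name__ == "__main__":
    print(triage_demo())
```

Keeping the filter set as a parameter of apply_filters rather than as per-tab state is what makes the counts for all three tabs move together when one filter changes, which is the behaviour the page describes.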
