Analyzing Individual Findings
When you encounter a finding from a scan and want to understand exactly what it means and how to fix it, AI analysis provides detailed, contextual guidance.
How to Analyze a Finding
- Navigate to the finding you want to analyze. You can find it in the scan results, the asset detail page, or the findings list.
- Click the AI Analysis button on the finding.
- Wait for the analysis to load — a skeleton loading indicator shows while the AI processes the finding.
- Read the structured analysis that appears inline below the finding.
What the AI Considers
When analyzing a finding, the AI takes into account:
- The specific vulnerability type and its known exploitation techniques.
- The severity assigned by the scanner.
- The evidence data from the finding (matched URLs, response data, port information).
- The asset type (domain vs. IP) and any detected CDN/WAF.
Example: Missing Security Header
For a finding like "Missing Content-Security-Policy Header," the AI analysis might include:
- Summary — Your web application does not set a Content-Security-Policy header, which helps prevent cross-site scripting and data injection attacks.
- Risk — Without CSP, the browser has no instructions on which content sources are trusted, making XSS attacks easier to execute.
- How to Fix — Add the header in your web server configuration, together with specific directive recommendations based on common use cases.
- Prevention — Include CSP headers in your deployment checklist and test with report-only mode before enforcing.
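To make the "missing", "report-only" and "enforced" states concrete, here is an added example (not part of the product's own code) that parses captured HTTP response headers, reports the CSP state, flags two common weak directive values, and shows the fixed response. The response strings are constructed sample data, and `RECOMMENDED_CSP` is an assumed baseline policy, not the product's recommendation for any specific application.

```python
"""Check captured HTTP response headers for a Content-Security-Policy.

Added example. It classifies a response as missing / report-only / enforced,
flags weak directive values, and applies a baseline fix. All responses below
are constructed samples, not real captures.
"""
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: no CSP header at all (the scanner finding).
RESPONSE_MISSING = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "X-Frame-Options: DENY\r\n"
    "\r\n"
    "<html>...</html>"
)

# Constructed sample: CSP present but permissive.
RESPONSE_WEAK = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Content-Security-Policy: default-src *; script-src 'self' 'unsafe-inline'\r\n"
    "\r\n"
)

# Constructed sample: report-only mode, the testing step before enforcing.
RESPONSE_REPORT_ONLY = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Security-Policy-Report-Only: default-src 'self'; report-uri /csp-report\r\n"
    "\r\n"
)

# Assumed baseline policy; real deployments tune this per application.
RECOMMENDED_CSP = (
    "default-src 'self'; script-src 'self'; object-src 'none'; "
    "base-uri 'self'; frame-ancestors 'none'"
)


@dataclass
class CspResult:
    status: str                      # "missing", "report-only" or "enforced"
    issues: List[str] = field(default_factory=list)


def parse_headers(raw: str) -> Dict[str, str]:
    """Return response headers as a dict keyed by lower-cased name."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers: Dict[str, str] = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def parse_csp(policy: str) -> Dict[str, List[str]]:
    """Split a CSP header value into {directive: [source, ...]}."""
    directives: Dict[str, List[str]] = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def analyze_csp(raw: str) -> CspResult:
    """Produce a finding-style result for one captured response."""
    headers = parse_headers(raw)
    enforced = headers.get("content-security-policy")
    report_only = headers.get("content-security-policy-report-only")

    if enforced is None and report_only is None:
        return CspResult("missing", ["No Content-Security-Policy header set"])
    if enforced is None:
        # Report-only is useful for testing, but the browser blocks nothing.
        return CspResult("report-only", ["Policy is not enforced; browsers only report violations"])

    directives = parse_csp(enforced)
    issues: List[str] = []
    if "default-src" not in directives:
        issues.append("default-src is not set; unlisted fetch directives are unrestricted")
    for name in ("default-src", "script-src"):
        sources = directives.get(name, [])
        if "*" in sources:
            issues.append(f"{name} allows any origin (*)")
        if "'unsafe-inline'" in sources:
            issues.append(f"{name} permits inline scripts via 'unsafe-inline'")
    return CspResult("enforced", issues)


def apply_csp(raw: str, policy: str) -> str:
    """Return the response with an enforced CSP header added (the fix)."""
    head, sep, body = raw.partition("\r\n\r\n")
    return head + "\r\nContent-Security-Policy: " + policy + sep + body


if __name__ == "__main__":
    for label, sample in [("missing", RESPONSE_MISSING), ("weak", RESPONSE_WEAK),
                          ("report-only", RESPONSE_REPORT_ONLY),
                          ("fixed", apply_csp(RESPONSE_MISSING, RECOMMENDED_CSP))]:
        print(label, analyze_csp(sample))
```

Running the script walks through the four states a CSP finding can be in: absent, report-only, enforced but permissive, and enforced with the baseline fix applied. The directive checks are deliberately limited to the two values most often behind a "weak CSP" follow-up finding; a full policy review also has to consider nonces, hashes and `strict-dynamic`, which this example does not model.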
Limitations
AI analysis provides guidance based on the information available from the scan. It does not have access to your application source code or internal architecture, so remediation steps are based on common configurations. Always validate the recommendations against your specific setup.