FortWatch

Interpreting Scan Results

After a scan completes, the results are organized into findings — individual pieces of evidence that a vulnerability exists or a service is exposed. Understanding how to read these findings is essential to taking effective action.

Finding Structure

Each finding includes:

  • Title — A short description of what was found (e.g., "Missing X-Frame-Options Header").
  • Severity — Critical, High, Medium, Low, or Info.
  • Description — A detailed explanation of the finding and why it matters.
  • Asset — Which asset the finding was detected on.
  • Scanner — Whether it came from Nuclei or Nmap.
  • Evidence — Technical details such as the matched URL, port, or response data.

Severity Levels

Findings are classified into four actionable severity levels (plus Info, which is hidden by default):

  • Critical (red) — Requires immediate attention. These findings represent actively exploitable vulnerabilities.
  • High (orange) — Should be addressed as soon as possible. These are serious security concerns.
  • Medium (yellow) — Should be planned into your next maintenance window. Important but not urgent.
  • Low (blue) — Informational security improvements. Address when time permits.

Automatic Issue Creation

When a scan produces findings with Critical or High severity that do not already have an associated open issue, FortWatch automatically creates a tracked issue. This ensures the most important findings are never overlooked.

Comparing Scan Results

Each scan is stored independently, so you can compare results between scans to track your progress:

  • New findings — Vulnerabilities that appeared for the first time in this scan.
  • Resolved findings — Vulnerabilities that were present in the previous scan but are no longer detected.
  • Persistent findings — Vulnerabilities that continue to be detected across multiple scans.
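
The comparison above and the Critical/High rule from "Automatic Issue Creation" can be reproduced on exported findings. The sketch below is an added example, not FortWatch's own code. The record layout, the matching key (title, asset, scanner), the helper names and the sample data are assumptions.

```python
from collections import namedtuple

# Fields follow the "Finding Structure" list; the record layout itself is assumed.
Finding = namedtuple("Finding", "title severity asset scanner evidence")

def identity(f):
    # Assumed matching key. Evidence and severity are left out because they
    # can change between scans without the finding being a different one.
    return (f.title.strip().lower(), f.asset.lower(), f.scanner.lower())

def compare_scans(previous, current):
    """Split two scans into new, resolved and persistent findings."""
    prev = {identity(f): f for f in previous}
    curr = {identity(f): f for f in current}
    return {
        "new": [curr[k] for k in sorted(curr.keys() - prev.keys())],
        "resolved": [prev[k] for k in sorted(prev.keys() - curr.keys())],
        "persistent": [curr[k] for k in sorted(curr.keys() & prev.keys())],
    }

def needs_issue(current, open_issue_keys):
    """Critical/High findings that have no open issue yet."""
    return [f for f in current
            if f.severity in ("Critical", "High")
            and identity(f) not in open_issue_keys]

# Constructed sample data (not real scan output).
PREVIOUS = [
    Finding("Missing X-Frame-Options Header", "Medium", "app.example.test",
            "Nuclei", "https://app.example.test/"),
    Finding("Open Port 3306/tcp", "High", "db.example.test", "Nmap", "3306/tcp"),
]
CURRENT = [
    Finding("Missing X-Frame-Options Header", "Medium", "app.example.test",
            "Nuclei", "https://app.example.test/login"),
    Finding("Exposed Admin Panel", "High", "app.example.test",
            "Nuclei", "https://app.example.test/admin"),
    Finding("Open Port 21/tcp", "Critical", "db.example.test", "Nmap", "21/tcp"),
]
# Identities of findings that already have an open issue (constructed).
OPEN_ISSUES = {identity(CURRENT[2])}

if __name__ == "__main__":
    for bucket, items in compare_scans(PREVIOUS, CURRENT).items():
        print(bucket, [f.title for f in items])
    print("issue needed:", [f.title for f in needs_issue(CURRENT, OPEN_ISSUES)])
```

A finding lands in "resolved" only because the later scan did not report it, so confirm the asset was reachable and in scope for that scan before closing the related issue.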