Adding Custom Result States

Result States are useful for marking scan results. For example, marking results as false positives indicates to the team that these results can be disregarded. Similarly, marking a result as urgent indicates to the team that it must be handled as soon as possible. In the screen below, the Result State column shows that all the results are marked with the “To Verify” default state.

To mark a Result State, use the Result State drop-down menu, located in the upper-left corner of the above screen.

The following pre-defined result states are provided:

  • To Verify (default) – instance requires verification (i.e. by an authorized user)

  • Not Exploitable – instance has been confirmed as not exploitable (i.e. false positive). Instances defined with this state are not represented in the scan summary, graph, reports or dashboard, etc.

  • Proposed Not Exploitable – instance has been proposed as not exploitable (i.e. potential false positive). Instances defined with this state are represented in the scan summary, graph, reports or dashboard, etc. until the state is changed to “Not Exploitable”.

  • Confirmed – instance has been confirmed as exploitable and requires handling

  • Urgent – instance has been confirmed as exploitable and requires urgent handling.

 

For more information, see the Results Summary → Results section in Navigating Scan Results (v9.3.0 and up).

If a user requires additional states or prefers states with different terminology, user-defined custom result states can be added. The custom states will be added to the Result State drop-down menu. 

To add user-defined custom result states, do the following:

  1.  Open the CxSAST database.

  2. Open the Translations table.

  3. Add a new record to the Translations table with the new result state.

     

  4. Open the Result States table.

  5. Add a new record to the Result States table.

     

  6. Restart the CxSystemManager service.

  7. If you are creating more than one new custom result state, also run IISRESET.

  8. Log in to the CxSAST Web portal.

  9. Go to Access Control → Roles.

  10. Click Add new role. The new custom result state is displayed on the list of roles.