Results
Surface Monitoring generates findings when it detects vulnerabilities or security issues on your discovered assets. This page explains how to interpret findings, what severity levels mean, and how finding statuses track remediation progress.
Understanding Findings
Each finding represents a specific security issue detected on a specific asset. A finding includes:
- Title: A descriptive name for the vulnerability or issue
- Severity: The risk level of the finding
- Asset: The domain, subdomain, or IP address where the issue was detected
- Description: Detailed explanation of the vulnerability, including why it matters
- Evidence: Specific data from the assessment that confirms the finding (e.g., HTTP response details, certificate data)
- Remediation guidance: Steps to fix the issue
Severity Levels
Findings are classified into severity levels based on the potential impact of exploitation:
| Severity | Description |
|---|---|
| Critical | Immediate risk of exploitation with severe impact. Includes vulnerabilities that could allow unauthorized access, data exfiltration, or full system compromise. |
| High | Significant security risk that should be addressed promptly. Includes issues that could lead to partial compromise or data exposure under certain conditions. |
| Medium | Moderate risk that should be addressed as part of regular security maintenance. May require additional conditions to exploit. |
| Low | Minor security concern or informational finding. Represents best-practice deviations or configuration improvements. |
| Information | Observations about your attack surface that do not represent direct vulnerabilities but provide useful context for security decisions. |
Finding Statuses
Each finding progresses through a lifecycle tracked by its status:
New
The finding has been detected for the first time. New findings should be triaged to determine priority and assign remediation ownership.
Active
The finding has been acknowledged and is being tracked. It was detected in the most recent assessment, and it persists across assessment cycles for as long as the issue is still present.
Fixed
The vulnerability is no longer detected. Surface Monitoring automatically transitions findings to Fixed when a subsequent assessment confirms the issue is resolved. This is the auto-fix behavior described in How It Works.
Regression
A previously fixed finding has reappeared. Regressions indicate that a remediation was incomplete, reverted, or that the same vulnerability has been reintroduced on the asset. Regressions are flagged with higher visibility to ensure they receive prompt attention.
Filtering and Sorting Findings
The findings view supports multiple filters to help you focus on what matters:
- Severity: Show only findings at or above a specific severity level
- Status: Filter by New, Active, Fixed, or Regression
- Asset: Scope to a specific domain, subdomain, or IP address
- Root domain: Show findings for all assets under a specific root domain
- Date range: Focus on findings discovered within a specific time period
Sort findings by severity, discovery date, or asset to organize your remediation workflow.
Remediation Workflow
A typical remediation workflow for Surface Monitoring findings:
- Triage new findings — Review new findings and assess their relevance and priority
- Assign ownership — Route findings to the team or individual responsible for the affected asset
- Remediate — Follow the remediation guidance provided in each finding
- Verify — Wait for the next assessment cycle to confirm the fix, or use the finding details to verify manually
- Monitor for regressions — Keep policies and notifications active to catch reappearing issues
Exporting Findings
Findings can be exported for reporting and tracking in external systems:
- CSV export: Download findings data for spreadsheet analysis
- API access: Use the Detectify API to programmatically retrieve and process findings
- Integration sync: Findings routed through Jira, ServiceNow, or webhook integrations maintain their status in real time
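The following is an added example, not Detectify code: a triage pass over a findings CSV export that applies the "at or above" severity filter from this page and lists Regression and New findings first. The column names (`title`, `severity`, `status`, `asset`) and the sample rows are assumptions constructed for illustration; match them to the header of your actual export.

```python
import csv
import io

# Severity order taken from the table on this page, most to least severe.
SEVERITY_ORDER = ["Critical", "High", "Medium", "Low", "Information"]
SEVERITY_RANK = {name.lower(): i for i, name in enumerate(SEVERITY_ORDER)}
# Statuses that still need a triage decision; Regression sorts ahead of New.
OPEN_STATUS_RANK = {"regression": 0, "new": 1}

# Constructed sample export. Column names are assumptions, not the real header.
SAMPLE_CSV = """title,severity,status,asset
Expired TLS certificate,Medium,New,shop.example.com
Exposed admin panel,High,Regression,admin.example.com
Missing security header,Low,New,www.example.com
SQL injection,Critical,Active,api.example.com
Open redirect,High,New,www.example.com
Subdomain takeover,Critical,Fixed,old.example.com
Server banner disclosed,Information,New,mail.example.com
Unknown issue,Severe,New,dev.example.com
"""

def triage_queue(csv_text, min_severity="Medium"):
    """Return (queue, rejected): findings awaiting triage, and unparseable rows."""
    threshold = SEVERITY_RANK[min_severity.lower()]
    queue, rejected = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        sev = (row.get("severity") or "").strip().lower()
        status = (row.get("status") or "").strip().lower()
        if sev not in SEVERITY_RANK:
            # Never drop a row silently: an unrecognized severity may hide a real issue.
            rejected.append(row)
            continue
        # A lower rank number means a more severe finding.
        if status in OPEN_STATUS_RANK and SEVERITY_RANK[sev] <= threshold:
            queue.append(row)
    queue.sort(key=lambda r: (SEVERITY_RANK[r["severity"].strip().lower()],
                              OPEN_STATUS_RANK[r["status"].strip().lower()],
                              r["asset"]))
    return queue, rejected

if __name__ == "__main__":
    queue, rejected = triage_queue(SAMPLE_CSV)
    for f in queue:
        print(f'{f["severity"]:<9} {f["status"]:<11} {f["asset"]:<20} {f["title"]}')
    print(f"{len(rejected)} row(s) with unrecognized severity need manual review")
```

Active and Fixed findings are left out of the queue on purpose, since they already have an owner or are resolved; rows with a severity outside the five documented levels are returned separately rather than discarded.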
Next Steps
- Troubleshooting — Resolve issues with missing or inaccurate findings
- Configuration — Ensure scanner access for complete assessment coverage
- Policies — Set up alerts for new findings matching specific criteria