Scan Difference - see what changes happen on your targets

“How to see scan trends?” - "Do you have scan difference?" - "Can I only get notified for new vulnerabilities?"

All of the above are questions we sometimes get from users - to be able to easily see in the dashboard the trend and changes in vulnerabilities for the monitored targets. Although this feature is not yet implemented, we do have a workaround that you can apply right away, in order to get notified only for new findings that show up on your scans.

How to get notified only of new findings

This method only applies to tools that generate findings, such as vulnerability scanners like Network Scanner or Website Scanner. Follow these 5 easy steps and only receive alerts when a new vulnerability is identified.

Step 1: Create a baseline test

You need to do an initial scan on the target(s) of your choosing - this will be the baseline.

Step 2: Update ALL Findings Statuses

When the scan is over, you should go over to the Findings tab, assess their situation and mark each one of them according to its relevant status. All future findings of the same type will be automatically marked with the Accepted, Ignored, or False positive status for the target. You can read more about changing finding statuses in our dedicated support article.

  • For example, any Accepted or Ignored findings are the ones that you know won’t be fixed right away (or at all), but you don’t want to be notified about them every single time. 
  • Marking findings as Fixed means you have implemented some remediation measures and they should not show up on future scans, if they do, it can mean that the fix was not properly implemented. 
  • For False Positives, we also recommend you use the “Report Incorrect Result” function to notify us of the errors so we can improve the scan results in the future.

Please note that the same procedure should be applied for the Informational findings, which are disabled from the findings view by default. To display them, simply check them in the Risk level button.

findings

Step 3: Create Recurring Scans for Monitoring 

Now you can go ahead and Schedule a scan. If you want to learn more about scan scheduling, you can find details in this dedicated guide.

Step 4: Setup Notifications

You should set a notification rule using the following trigger: 

Vulnerability Risk level ->  is at least -> low

Notifications can be enabled for a single scan, or for the entire Workspace, the choice is up to you. To learn more about what notifications are and how to use them, you can check out the  support section on Notifications

Step 5: Enjoy less noise in your inbox

When the subsequent scans finish you will only get notified of NEW findings.

Since some Finding statuses are persistent over any future scans for the same target and notifications take into account any manual changes to findings, if a finding triggers the notification (based on the rule you set), it means it is a new finding, other than the ones for which you have previously changed the status.

If you’re only interested in monitoring open ports we have a solution for that too. See here  how to get notified for new open ports only.