MindFort User Guide
Welcome to MindFort. This guide explains what you can do in the app and how to do it, without technical jargon.
Getting Started
- Sign in: Log in with your organization account. If you have access to multiple organizations, use the organization switcher on the profile page.
- Home: You’ll be taken to the Dashboard, which summarizes your security posture.
Dashboard
- Security overview: See average risk score, total findings, and severity breakdown at a glance.
- Trends and charts: View stats and severity charts to understand where risks are concentrated.
- Highlights: Quick cards show recent Red Team and Code Assessment results and the most severe finding.
Assessments
Start a new assessment
- Click “New Assessment” in the left sidebar.
- Choose a verified target (website or app domain) from the list.
- Pick the assessment method (Turbo is quicker; Deep is more thorough and may take longer, and is only offered when it is enabled for your workspace).
- Optional: Add stored login credentials for authenticated testing.
- Start immediately or schedule (if scheduling is enabled) and confirm.
Active assessments
- Go to Active Assessments to watch progress of ongoing Red Team runs.
- See status (running, queued, pending), start time, and cancel if needed.
- Select an assessment to view its status screen.
Assessment history
- Visit Assessment History to review past Code and Runtime assessments that finished.
- Filter by source (domain or repo) and type (Code or Runtime), then “View Details” for any run.
Vulnerabilities and Findings
- Go to Vulnerabilities to explore findings by asset/target.
- Inside an asset:
  - Overview and charts: Quick context for findings and severity over time.
  - Findings tab: Search, filter (by type, severity, exploitability), sort, bulk-select, and take actions.
  - Archived/Deleted tabs: Review previously archived or deleted findings (Deleted may be feature-gated).
  - Schedules tab: View or manage assessment schedules for the target (if enabled).
- Click any finding to open the details drawer, where you can:
  - Read a description and evidence
  - See severity and exploitability
  - Add comments and votes
  - Start remediation (for supported finding types)
  - Download a patch diff when available
Targets (Assets)
- Use Targets to manage what you scan.
- Inventory: See all targets, when they were added, and basic stats.
- Manage a target: Expand a target row to edit details, add credentials (like usernames or magic links), and store key–value pairs your team needs.
- Add a target: Click “Add Target” to open the form, configure details, and save.
Reporting
- Generate downloadable Security Reports for a specific target.
- On the Reports page, click “Generate Report,” choose a target, and wait ~30 seconds.
- Search, sort, download, or delete existing reports.
Settings
WAF Configuration
- If your firewall blocks MindFort, whitelist the listed IP addresses. Copy individual IPs or all of them at once.
Integrations
- Connect GitHub to enable code assessments on private repositories. Other integrations may appear as “Coming Soon.”
- Connect or disconnect GitHub from the Integrations page.
Security Badge
- Display a “Secured by MindFort” badge on your website.
- Pick a style and copy the provided embed code.
Profile and Organization
- Manage your profile, security settings, and (if you’re an admin) user management using the built-in widgets.
- Switch organizations from the same page if you belong to more than one.
Billing (Admins)
- View your credit balances, subscription status, invoices, and saved payment methods.
- Upgrade to Pro, toggle annual billing, purchase add-ons (like extra targets), download invoices, or update your card.
- Cancel your subscription from this page if needed.
Tips
- Credentials: Adding stored credentials enables deeper testing of authenticated areas.
- Scheduling: If enabled, create recurring scans to maintain coverage.
- Bulk actions: Use bulk archive/delete on findings to keep your list focused.
- Retest: If available in your workspace, use Retest from the findings table to re-verify issues.
Need help?
- Use the in-app chat or email support@mindfort.ai for assistance.
How‑to: Start and manage assessments (step‑by‑step)
Before you start
- Ensure your target (website/app domain) is added and verified under Targets.
- If you need authenticated testing, add credentials to the target first.
Start an assessment now
- Click New Assessment in the sidebar.
- Pick your target domain (verified targets show here).
- Choose method:
  - Turbo: faster, lighter coverage
  - Deep: more thorough (may take longer, available when enabled)
- Optional: expand Authentication Credentials and select a stored credential.
- Click Start Assessment. If additional credits are required, confirm to proceed.
Schedule recurring assessments (if enabled)
- From New Assessment, enable scheduling.
- Name the schedule (optional), choose frequency (daily/weekly/monthly), time, and timezone.
- Save. Your runs will start automatically at the set times.
Cancel a running assessment
- Open Active Assessments.
- Locate the assessment with status Running/Queued/Pending.
- Click Cancel. The system will stop the run at the next safe point.
Understanding risk, severity, and exploitability
- Severity: Critical, High, Medium, Low, and Info indicate potential impact.
- Exploitability:
  - Exploitable: can realistically be used by an attacker
  - Potentially Exploitable: may be exploitable depending on context
  - Non‑Exploitable: unlikely to be abused
  - N/A: not rated or not applicable
- Risk score: A numeric indicator rolled up for dashboards; higher means greater risk.
Working with findings
- Go to Vulnerabilities and select a target.
- Use the search box and filters (Type, Severity, Exploitability) to focus your list.
- Click a finding to open details, including description, evidence, and history.
- Add comments or votes to collaborate with your team.
- Use bulk actions to archive or delete multiple findings at once.
- Switch tabs to see Archived or Deleted findings (Deleted may be limited by feature flags).
Retesting (if available)
- Use the Retest button to re‑verify a set of findings after fixes are applied.
Remediation (fixing issues)
For supported findings (especially Code):
- Open a finding’s details.
- Click Remediate to generate suggested fixes.
- Download a patch diff when available and apply it in your repository.
- Re‑run or Retest to confirm the issue is resolved.
- Runtime issues may include configuration guidance instead of a code patch.
- Red Team items can include narrative context or steps to reproduce; address the root cause, then retest.
Targets: credentials, values, and management
- Add Target: From Targets, click Add Target and complete the form.
- Edit Target: Expand a target row to update details inline.
- Credentials: Add stored credentials (for authenticated scans). Choose them during New Assessment.
- Values: Store key‑value pairs your team needs for assessments.
Reports (downloadable summaries)
Generate reports your stakeholders can review:
- Open Reporting and click Generate Report.
- Choose a target and confirm. Generation typically takes ~30 seconds.
- The report appears in the list; download as needed. You can also delete old reports.
- Use search and sorting to find the latest report by target or date.
- If a report doesn’t appear after a short wait, refresh the page.
Roles and access
- Admins: Can access Billing and may see additional management tools.
- Members: Can run assessments, view findings, use reports, and manage targets (as allowed by your org).
Billing quick guide (Admins)
- Upgrade to Pro: From Billing, click Upgrade. Choose monthly or annual billing.
- Purchase add‑ons: Buy additional targets when you need more coverage.
- Payment methods: Add or manage your card on file.
- Invoices: Download past invoices and review statuses.
- Cancel: You can cancel your subscription from the Billing page anytime.
Troubleshooting
- I can’t see my target when starting an assessment
  - Ensure it’s added under Targets and verified. Refresh the page.
- “Insufficient credits” message
  - Confirm the additional credits prompt or upgrade/purchase add‑ons in Billing.
- Assessment stuck in queued/running
  - Cancel and re‑start; check WAF/firewall settings and whitelist MindFort IPs if needed.
- No findings appear after a run
  - Verify the correct target and timeframe; consider using authenticated credentials for deeper coverage.
- Can’t download a report
  - Try again and check your popup/download settings; if it persists, refresh and retry.
- GitHub integration issues
  - Reconnect GitHub under Settings > Integrations. Ensure the app has access to the repo.
FAQ
- How long do assessments take?
  - Turbo is faster (often minutes to under an hour). Deep runs take longer.
- Can I cancel a run?
  - Yes. Use Active Assessments and click Cancel.
- Do you scan private GitHub repositories?
  - Yes, connect GitHub under Integrations.
- What is a “target”?
  - A website or application you want to assess (e.g., your production domain).
- What is a “finding”?
  - A potential security concern detected by MindFort.
- What does “exploitability” mean?
  - How likely an attacker can use the issue in practice.
Glossary
- Target: The asset being assessed (domain/app).
- Assessment: A scan or test of your target. Types include Red Team, Code, and Runtime.
- Red Team: Simulated attacker techniques to find impactful issues.
- Code Assessment: Source code analysis for vulnerabilities.
- Runtime Assessment: Live testing against the running app.
- Finding: A specific issue detected during an assessment.
- Severity: The potential impact level (Critical to Info).
- Exploitability: Likelihood the issue can be abused.
- Remediation: Steps or patches to fix a finding.
- Report: A downloadable summary of results for stakeholders.