Skip to main content

Browse Targets

Open Findings from the sidebar to see all your targets displayed as summary cards. Each card shows the target’s health score and severity breakdown at a glance. Use the search bar to filter targets by name or domain.

Drill Into a Target

Click any target card to open its findings view. Inside, you can:
  • filter by severity
  • search by keyword
  • switch between vulnerable, secured, and archived tabs

Finding Actions

Open a finding to:
  • review full details, evidence, proof-of-concept detail, and AI-generated summaries
  • assign or unassign an owner
  • add comments
  • create a linked issue in Linear (if connected)
  • request a remediation fix (if available)
  • archive or delete when appropriate
  • start retest actions when available

Finding Artifacts

Finding details are designed to give security and engineering teams enough context to verify, prioritize, and fix the issue. Depending on the finding type, details can include:
  • severity
  • CVSS v3.1 score
  • OWASP category and vulnerability tags
  • exploitability assessment
  • affected endpoint, host, file path, component, or package when available
  • evidence captured during the run
  • proof-of-concept or approach details
  • attack flow graph when available
  • impact summary
  • remediation guidance
  • validation details or retest actions when available
Use the evidence and proof-of-concept detail to reproduce the issue in a controlled environment before changing production systems. Vulnerable-component findings may cite advisory or CVE evidence when MindFort has confirmed the exact exposed component and version from the target.

Severity and CVSS

MindFort uses severity to help teams prioritize triage quickly. Finding details show the severity label and the CVSS v3.1 score when available. Prioritize:
  1. critical and high findings that are exploitable
  2. findings with clear proof-of-concept evidence
  3. issues that cross tenant, user, or role boundaries
  4. findings affecting internet-exposed or privileged components

Bulk Actions

For large queues, select multiple findings and apply batch actions:
  • archive
  • delete

Collaboration Flow

  1. Assign owner.
  2. Add implementation notes in comments.
  3. Update lifecycle state via archive/delete workflow.
  4. Retest and confirm final status.

API and MCP

List findings programmatically with the same filters the UI uses:
  • Findings APIGET /v1/findings (API key)
  • MCPlist_findings tool (OAuth)
Use exclude_secured=true to match the default Open tab (vulnerabilities only), status=ARCHIVED for the Archived tab, and assessment_id to scope results to one assessment run.