Skip to main content
Report Components

All Audiences: Components you'll find in your reports

Updated over 5 months ago

Vulnerability reports contain various components crucial for understanding, whether you're browsing through Hacktivity or checking your inbox.

Hacker Info

The hacker who submitted the report is shown in the sidebar metadata. On hover, you can see the hacking statistics by reputation, signal, and impact.

Report Metadata sidebar

Report ID and Title

At the top of the report is the report ID number and title. You can change the report title to your internal naming conventions. The color behind the report number represents the state the report is in. These are the different colors and the report states they represent:

Color

Report State

Purple

New

Light Blue

Needs more info

Dark Blue

Pending Program Review (currently in beta)

Yellow

Green

Resolved

Orange

Triaged

Brown

Duplicate

Grey

Informative

Red

Not Applicable

Report Metadata

You’ll be able to view these metadata fields in the right sidebar:

Metadata Field

Details

Asset

The specific asset the vulnerability was found on.

Assigned to

(An internal field that is only seen by the program’s security team) The person on your security team that's assigned to triage or manage the report.

Bounty

(Only shows for resolved reports that were given a bounty) How much bounty the report was awarded.

Cloned From

Shows which report this was cloned from

Cloned reports

Links all the reports that were cloned from the current one.

Credential Account Details

Custom Fields

Private fields for your company, not seen by hackers see the article about custom fields

CVE ID

The CVE ID the vulnerability is linked to.

Disclosed

The date the report was disclosed. Only shows for reports that were disclosed.

Duplicates

Shows which reports this is a duplicate of

Link Sharing

Ability to generate a secure link to share this report with a third party.

Notifications

Indicates whether you have notifications enabled or disabled for actions on your program.

Participants

All of the hackers involved in finding the vulnerability plus program members involved with triaging the report.

Pentest

(Shows only if you're participating in pentests) The pentest the report is linked to.

References

(An internal field that is only seen by the program’s security team) The ticket number associated with the report in your issue tracking tool that you've set up an integration for.

Reported at

The date and time the report was submitted.

Reported to

The name of the program the report was submitted to.

Reporter

The hacker who submitted the report

Resolution Target

Programs have certain SLA, so this is the date/time by which the program should resolve the report so it doesn't miss SLA

Severity

The severity level of the vulnerability.

State

The state the report is in.

Visibility

Indicates the status of disclosure of the vulnerability. You can also choose to redact private information from the report.

Weakness

The type of weakness of the vulnerability.

Summary

Either your security team or the hacker(s) involved with the report can choose to provide an optional summary of the report. The team or hacker summary is the first thing you see when you dive into a report. It’s an optional field designed to set the tone or summarize the report. Particularly useful in disclosure scenarios, it can preamble the full report or serve as the only large-text content disclosed in limited disclosure situations. Including a summary helps future report viewers understand the context without scrolling through the entire report. Click ADD SUMMARY to add a summary to the report.

Triage Summary

The Triage Summary is a specific section in the report where triagers offer a clear and brief overview of a vulnerability to the customer. This overview highlights how to investigate the issue and its potential impact.

Jira Integration

Customers utilizing the Jira Integration can easily connect the Triage Summary field to JIRA by mapping the integration variables {{triage_summary_jira}} or {{triage_summary}} to a matching JIRA field. Further details on integration variables are available here.

The Triage Summary feature is available exclusively to customers utilizing our triage services.

Triage summary in report

Timeline

The report timeline shows all of the activity that occurs in the report between the hackers and the program members involved with triaging the report. It will show when:

  • A hacker or a program member adds a comment

  • The state of the report changes

  • A bounty is set

  • A bounty has been given

  • A hacker requests mediation

  • A hacker or program member requests public disclosure

  • An internal activity has been made

  • The severity level has changed

The report timeline will also show who is in charge of the next pending action within the report.

Report timeline

Did this answer your question?