The purpose of this FAQ is to provides customers who are using the beta version of the new SWAT Views, with information on what to expect over the coming months.
With the March 2021 release we began our migration of the SWAT Classic fully into the portal, with a view of deprecating the SWAT classic UI and removing the current SWAT views in the Portal. This FAQ provides customers who are using the beta version of the new SWAT Views with information on what to expect during the migration period, such as known issues and also a list of features that we are aiming to add over the coming months. This migration is very much a beta migration and as such a number of features either do not work yet or are missing from the portal, these are highlighted below.
As we add new functionality to the Portal as part of the SWAT migration project we will add it to this section.
April Release 2021
- Integrating Assets into the Portal Asset view.
- Integrating Findings into the Findings / Vulnerabilities view.
- Added a new web apps Portal view that shows each application and a summary of their current risk. The goal of this view is to provide a list of all the AppSec subscriptions (SWAT, Snapshot, Assure) in an easy to see overview which in turn can be drilled into.
- Added a new dashboard view providing some indicators of application state. Accessed via the relevant webapp card, this dashboard shows the number of open findings, the number of fixed findings, the dates a finding was last pushed to the portal, the time a finding was fixed as well as trend graphs for findings and fixed over time. Additional metrics and dashboards will be added to this view over time based on customer feedback.
- Added a visual representation of the crawl coverage by the automated scanner. This coverage represents the combined scanning performed on the application each day with some caveats which are covered below.
- Certain UI options will now only be usable based on the source of findings : Verification will only be available for SWAT, Snapshot and Assure. Marking findings as a false positive : Scale only.
Upcoming features (Q2)
- All applications will show the correct source rather than just SWAT. For instance if your application has been subject to a Snapshot, then the source will reflect Snapshot, including the findings.
- The verification request process will be implemented, allowing customers to issue verification requests from the findings view in the same way you can with the SWAT classic.
- The Comments system will be expanded to support discussions with the Appsec team in the same way as you can in the SWAT Classic.
- Subscriptions will be correctly identified and shown to the customer. Currently in the SWAT Classic we treat everything as 'SWAT'. We aim to provide a more accurate picture of customers subscription consumption.
Questions & Answers
This section covers a number of common questions and answers based on the current beta preview version of the SWAT migration project.
- What happens if I mark a finding as Fixed?
The portal will show the finding as fixed. This means it will be presented in a distinctly different way to an open finding. It is then possible for a customer to filter out findings marked as fixed. From an Appsec team perspective, the finding will remain open in their view until such time as a verification has been made against that finding and the Appsec team mark the finding as fixed. We recommend customers who want to determine if a finding is fixed they continue to use the verification request option in the SWAT Classic UI.
- How do I request a verification?
In the Portal it is currently not possible to request a verification despite an option to do so being available. To request a verification we recommend customers to use the SWAT Classic UI and use the right click contextual menu on a finding to request a verification.
- Why are some pages missing on the crawl chart coverage you provide?
We scan each application multiple times each day. These scans are designed to cover different use cases such as scan the application as an unauthenticated user, scan as an authenticated user etc. As such the automated scanner will only be able to access specific pages. Also, its possible that, in working with yourselves, the Appsec team identify a part of the web application that is not suitable for scanning with the automated scanner due to issues it might cause with the application. These will be blacklisted and thus not part of the coverage and will of course not show up in the scans. This does not mean these pages are never covered, as they will be part of the manual testing the Appsec team perform on a regular basis.
- Why is everything listed as 'SWAT' when my application is a Snapshot
As part of the first release, the goal was to get a usable set of UI views into the hands of our customers. As features continues to be developed, both on the roadmap and as feedback from customers, they will improve the way information is presented. One of the first things on the roadmap is to roll out a visual way of seeing what subscriptions are being used by a specific application and ensuring that findings are clearly labelled as to the source of the discovery (SWAT, Snapshot, Assure etc).
This is planned to be available to customers in Early Q2.
- You mention feature requests from customers. How can I raise on?
Please log a support ticket in your customer support portal with a type feature request. This will then be sent to the Product Management team for review and feedback.
Why is the delete asset button disabled for SWAT assets?
As the SWAT service is a 'managed' service, customers should not be able to delete their SWAT applications. As such we have disabled the option in the UI.
It may still be possible to delete the SWAT applications via an API call. We request customers to not do this, as it will cause significant data corruption issues due to the way we deliver the service. We will remove this functionality from the API in an upcoming release.
© 2022 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.
Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.