Applying advanced filters

Advanced filtering helps you visualize applications that require attention to satisfy security and regulatory compliance standards. You can apply advanced filtering by industry standard (OWASP Top 10 and the CWE/SANS Top 25) or by issue type. Apply it on one business unit or on all of the business units in the portfolio. After you apply the filtering to fine-tune the list, copy the URL into an email and send it to the team member who is responsible for fixing the issues.

Applying advanced filtering from the dashboard

When you click through from a section in one of these charts, the Portfolio list is filtered on that choice:
  • Top Issue Types
    Note: Beginning with v9.0.3, you can drill through the Top Issue Types chart to see which apps contain the top issues in your portfolio.
  • OWASP Top 10
  • CWE/SANS Top 25

Drill through from the Top Issue Types chart

Let’s assume that Path Traversal is one of the top issue types for your organization, and that 7 applications are affected. When you click through to the Portfolio view, you see a refined list of 7 applications. In the sidebar, you see a message that indicates that advanced filtering is enabled, and that some applications might be hidden. Click that message, which opens the Advanced Filtering dialog. Now you can apply a Standard and Section filter on the issue type to determine whether those issues violate the Standard.
Note:
  1. If the issues do not apply to the Standard and Section that is selected, the portfolio view doesn't display anything in the list.
  2. To remove advanced filtering, click the “Advanced filtering enabled” message link. You have three choices now:
    1. Click Clear > Save to remove ALL advanced filters.
    2. Select ‘None’ in the Standards list, then click Save.
    3. Select List menu > Reset Filters.

Issue types that are identified by a Compliance Standard filter can highlight training that might be needed for your developers.

Drill through from a Standard chart

Let’s assume that the OWASP Top 10 chart has 15 apps in the Injection category. Drill through to the Portfolio tab and click the “Advanced filtering enabled” message link, switch to the Issue Attributes tab and add more filtering by issue type. You can also filter by the issue status.

Note:
  1. The results might be a smaller list of applications, or if no issues apply to the Standard and Section that is selected, the portfolio view does not display any apps in the list.
  2. To remove advanced filtering, click the “Advanced filtering enabled” message link. You have two choices now:
    1. Click Clear > Save to remove ALL advanced filters.
    2. Select ‘None’ in the Standards list, then click Save.

Applying advanced filtering from the Portfolio

Procedure

  1. Open the Advanced Filtering dialog by clicking List menu > Advanced Filtering.
  2. Click the tab for the type of filter you want to apply, make your selections, and click Save.

Results

Note:
  1. The results might be a smaller list of applications, or if no issues apply to the standard and section that is selected, the portfolio view does not display any apps in the list.
  2. To remove advanced filtering, click the “Advanced filtering enabled” message link. You have two choices now:
    1. Click Clear > Save to remove ALL advanced filters.
    2. Select ‘None’ in the Standards list, then click Save.

Applying filtering on applications

You can further filter an application through the REST APIs. Information relating to compliance standards can be extracted for third-party applications and dashboards. Applications can be filtered based on issue attributes and by standards and sections. Two parameters were added to the REST APIs to enable advanced filtering:
  • IssuesQuery
  • properties: The IDs and the aliases to be used in the properties parameter are available by calling these REST APIs:
    • GET /standards
    • GET /standards/{standardId}/sections
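The lookup workflow described above, as an added example that is not part of the product documentation: resolve a standard and section by display name through the two GET calls, then assemble the request parameters. The endpoint paths and the parameter names IssuesQuery and properties come from this page; the JSON field names, the sample responses and the encoding of the parameter values are assumptions for illustration, so check them against the product's API reference.

```python
"""Resolve standard/section IDs for advanced filtering over the REST API.

Endpoint paths and parameter names are from the documentation; response
field names (id, alias, name) and value encodings are assumptions.
"""
import json
from urllib.parse import urlencode

# Constructed sample responses (shape assumed, not real product output).
STANDARDS_JSON = json.dumps([
    {"id": 1, "alias": "owasp-top-10", "name": "OWASP Top 10"},
    {"id": 2, "alias": "cwe-sans-top-25", "name": "CWE/SANS Top 25"},
])
SECTIONS_JSON = {
    1: json.dumps([
        {"id": 11, "alias": "A1", "name": "Injection"},
        {"id": 12, "alias": "A7", "name": "Cross-Site Scripting"},
    ]),
    2: json.dumps([{"id": 21, "alias": "CWE-22", "name": "Path Traversal"}]),
}


def fetch(path):
    """Stand-in for an authenticated HTTP GET; answers offline from the samples."""
    if path == "/standards":
        return json.loads(STANDARDS_JSON)
    if path.startswith("/standards/") and path.endswith("/sections"):
        return json.loads(SECTIONS_JSON[int(path.split("/")[2])])
    raise ValueError(f"unknown path {path}")


def resolve_section(standard_name, section_name):
    """Return (standard_id, section_id, section_alias) for two display names."""
    standards = {s["name"]: s for s in fetch("/standards")}
    if standard_name not in standards:
        raise KeyError(f"unknown standard {standard_name!r}")
    std = standards[standard_name]
    for sec in fetch(f"/standards/{std['id']}/sections"):
        if sec["name"] == section_name:
            return std["id"], sec["id"], sec["alias"]
    raise KeyError(f"{section_name!r} is not a section of {standard_name!r}")


def build_query(standard_name, section_name, issue_status="Open"):
    """Assemble the query string; the value formats are placeholders."""
    std_id, sec_id, alias = resolve_section(standard_name, section_name)
    params = {
        "properties": f"standard:{std_id},section:{sec_id}",  # assumed format
        "IssuesQuery": f"status={issue_status}",              # assumed format
    }
    return urlencode(params), alias
```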

You can also generate detailed security reports to HTML and PDF from the Monitor view in the UI.