
Exposure Overview
Overview
Exposures represent validated risks automatically derived from your discovered assets. Each entry contains:
- Asset & Type – The resource impacted (e.g., IP, Subdomain, Certificate)
- Reason – Why this asset was flagged (e.g., “Invalid SSL Cert”)
- Severity – Criticality defined by your exposure rules or manual review
- State – Workflow state (In Review, Safe, Resolved, Not assigned)
- Detected At – Timestamp of when the exposure was first observed
- Action – View, edit, or mark exposure as safe
Key Capabilities
Automatic Exposure Generation
All exposures are created automatically by your YAML-based rules during scans.
Rules define which assets are risky and assign their severity and description.
Detailed Exposure Listing
View all exposures in a structured table with filters by asset type, state, and severity.
Modify & Review
Analysts can manually edit the reason or change severity to refine classification accuracy.
Mark as Safe
False positives can be marked as Safe to prevent recurrence in future scans.
Editing Exposures
You can edit any exposure directly to adjust severity or reason text.
Editing an Exposure
Example Use
- Adjust Severity from Critical → Medium when risk context is low.
- Update Reason to add notes like “Reviewed internally – no sensitive data.”