Find match in library

When this action is triggered, the upload manager checks the finding's plugin_id field to see if there is a matching entry in your IssueLibrary. If a match is found, the reporting engine will replace the finding body with the IssueLibrary entry.

This is especially useful when you know that you want to replace an incoming finding's description with your own. Do you really dislike the way that a tool reports a specific finding? Dradis will automatically replace the finding for you so that you never have to manually update it again.

You can also use this action to combine or deduplicate findings.

This action is useful for broader sweeping scans checking to see whether your IssueLibrary entries match incoming findings. If you prefer, you can set up a single rule for each replacement mapping with the related Replace finding body action.

The Find Match in Library action instead tells Dradis to check whether there is an entry in the IssueLibrary that matches the incoming finding.


Example: Find Match in Library

If there's a matching issue in your IssueLibrary, this rule will replace the whole finding, not just the body.

Now, how do you set up the mappings in the IssueLibrary to replace the incoming findings?

The Find Match in Library action matches based on the plugin ID value in the following format:

#[<plugin>_id]#
####

So, if you wanted to replace a Nessus finding with the plugin ID 10107, you need to add the corresponding plugin ID to your IssueLibrary entry:

#[nessus_id]#
10107

Make sure to include at least one blank line between your #[<plugin>_id]# field value and the end of the entry.

You can also expand the mapping to replace multiple incoming findings with the same IssueLibrary entry for merging and/or deduplication purposes.

To replace all the following findings with a single IssueLibrary entry:

  • Nessus Plugin ID: 10107
  • Burp Plugin ID: 8781630
  • Nessus Plugin ID: 39471

We would add the following content to the IssueLibrary entry:

#[nessus_id]#
10107

#[nessus_id]#
39471

#[burp_id]#
8781630


Once an IssueLibrary entry has been added to a project with a rule like this, a sidebar widget will display that the issue originated in an IssueLibrary entry, and whether the issue is still in sync with the original IssueLibrary entry. That way, if changes are made to the IssueLibrary entry later on while you are working on your project, you'll know!

Next help article: Action: Change Field Value →

Streamline InfoSec Project Delivery

Learn practical tips to reduce the overhead that drags down security assessment delivery with this 5-day course. These proven, innovative, and straightforward techniques will optimize all areas of your next engagement including:

  • Scoping
  • Scheduling
  • Project Planning
  • Delivery
  • Intra-team Collaboration
  • Reporting and much more...

Your email is kept private. We don't do the spam thing.