EvidenceCounter content control

The EvidenceCounter content control counts the number of instances of Evidence associated with a specific Issue or Node. It can help you answer interesting questions like, "how many locations does this Issue impact?" or "how many instances of vulnerabilities were found on this particular server?"

The EvidenceCounter control must always be wrapped in an Issue or Node content control. Without that wrapper, the EvidenceCounter control will not populate.

Count All Evidence affecting each Issue

The simplest report template with an EvidenceCounter content control would look something like this:

This is simply an EvidenceCounter content control wrapped in an Issue control.

The output will be the total count of Evidence for each Issue in your project. The EvidenceCounter control does not deduplicate the Evidence, so if the Issue has 3 instances of Evidence, all affecting the same Node, the EvidenceCounter control would output 3 in the exported report. If you want to get deduplicated host data, check out the Affected content control.

Count All Evidence affecting each Node

You can wrap the EvidenceCounter content control in a Node content control alone if you want to count all instances of Evidence found on a node, independent of which Issue(s) they correspond to.

The output will be the total count of Evidence for each Node in your project. So, for example, if a given Node has 2 Issues with a total of 6 instances of Evidence on the same Node (e.g. affecting several different ports), the EvidenceCounter control would output 6 in the exported report.

Count All Evidence affecting each Issue, organized by Node

You can also wrap the Issue control shown above in a Node content control to display the data in a different way.

If we have an example project that contains just 1 Issue (e.g. Insufficient cross-site request forgery (CSRF) protection) with 3 instances of Evidence, we can use the EvidenceCounter content control to understand how many times each Node is affected.

And if we use a report template that is organized by Node like the one shown below:

This sample project will export into the simple report template like this:

Count filtered Evidence

We can filter our EvidenceCounter content control if we want to count just a subset of our instances of Evidence.

If you haven't already, now would be a good time to review the Filtering and sorting page of this guide for more on the different filtering options available.

In the example above, you can see that one of the instances of Evidence contains a #[Report]# field with the value Yes. We can filter the EvidenceCounter control as shown below to only capture the instances of Evidence that have the Report field set to Yes:
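To make the counting rules on this page concrete, here is an added example in plain Ruby (not Dradis code and not the report template itself) that models the four layouts over one constructed project: 1 Issue with 3 instances of Evidence, one of which has the Report field set to Yes. The host addresses, the split of Evidence across Nodes, the helper names, and treating the filter as an exact match on one field are all assumptions made for illustration.

```ruby
# Added illustration in plain Ruby; not Dradis code. Evidence, the helper
# names and SAMPLE are constructed for this example.
Evidence = Struct.new(:issue, :node, :content)

# Parse "#[Field]#" blocks from Evidence content into { name => value }.
def parse_fields(content)
  content.scan(/^#\[([^\]\n]+)\]#[ \t]*\n(.*?)(?=^#\[[^\]\n]+\]#|\z)/m)
         .to_h { |name, value| [name, value.strip] }
end

# EvidenceCounter inside an Issue control: every instance counts.
def count_per_issue(evidence)
  evidence.group_by(&:issue).transform_values(&:size)
end

# EvidenceCounter inside a Node control alone: all instances on the Node.
def count_per_node(evidence)
  evidence.group_by(&:node).transform_values(&:size)
end

# Issue control wrapped in a Node control: one count per (Node, Issue).
def count_per_node_and_issue(evidence)
  evidence.group_by { |e| [e.node, e.issue] }.transform_values(&:size)
end

# Filtered counter, assumed here to be an exact match on one field value.
def count_filtered(evidence, field, value)
  count_per_issue(evidence.select { |e| parse_fields(e.content)[field] == value })
end

# Distinct Nodes per Issue, for contrast with the non-deduplicated count.
def distinct_nodes_per_issue(evidence)
  evidence.group_by(&:issue).transform_values { |es| es.map(&:node).uniq.size }
end

CSRF = "Insufficient cross-site request forgery (CSRF) protection"
SAMPLE = [ # constructed sample data; the third instance has no Report field
  Evidence.new(CSRF, "10.0.0.1", "#[Port]#\n80/tcp\n\n#[Report]#\nYes\n"),
  Evidence.new(CSRF, "10.0.0.1", "#[Port]#\n443/tcp\n\n#[Report]#\nNo\n"),
  Evidence.new(CSRF, "10.0.0.2", "#[Port]#\n443/tcp\n")
].freeze

puts "per Issue:          #{count_per_issue(SAMPLE)}"
puts "per Node:           #{count_per_node(SAMPLE)}"
puts "per Node and Issue: #{count_per_node_and_issue(SAMPLE)}"
puts "Report = Yes only:  #{count_filtered(SAMPLE, 'Report', 'Yes')}"
puts "distinct Nodes:     #{distinct_nodes_per_issue(SAMPLE)}"
```

An instance of Evidence that lacks the filtered field is simply excluded from the filtered count in this model, which is worth checking for when a count in an exported report looks lower than expected.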
