Overview
The Triage page is the primary workspace for working through findings after a scan import. It provides an inline-editing table optimized for speed: status, priority, and assignee all update on change without a separate save step.
Navigate to Triage from the left sidebar and select the scan you want to work through.
Triage Statuses
Every finding starts at Untriaged. Move findings through the following statuses as your review progresses:
| Status | Meaning |
|---|---|
| Untriaged | Not yet reviewed |
| Open | Confirmed valid, not yet resolved |
| Investigating | Under active investigation |
| False Positive | Confirmed not a real finding |
| Accepted Risk | Risk acknowledged and accepted by client |
| Send to Client | Queued for ticket email to the client |
| Emailed | Ticket email has been sent |
| Resolved | Finding has been remediated |
Priority Levels
Priority is separate from scanner-assigned severity and reflects your judgment about what to address first:
- Critical (red)
- High (orange)
- Medium (yellow)
- Low (green)
- Not set (no indicator)
Working the Queue
Filtering by Status
Use the status tabs across the top of the Triage page to focus on a subset of findings: All, Untriaged, Open, Investigating, Send to Client, Emailed, or Resolved.
Searching
Use the search bar to filter findings by title text. Useful for quickly finding a specific plugin or vulnerability name.
Inline Updates
Each row in the triage table has dropdown selectors for Status, Priority, and Assignee. Changes save immediately — no submit button needed.
Assignee choices are drawn from the client contacts added to the client record. See Creating Your First Client and Engagement for how to add contacts.
Bulk Operations
Check the checkbox on one or more rows (or use the Select All checkbox in the table header) to activate bulk actions:
- Bulk update Status
- Bulk update Priority
- Bulk assign Assignee
- Bulk queue for email (Send to Client)
Bulk operations are applied to all selected findings at once.
Finding Detail View
Click the arrow on any finding row to open the Finding Detail page for deep inspection and editing.
Consultant Edits
The original scanner data is displayed read-only. You can override it with consultant-specific content:
- Consultant Title — replaces the plugin name in reports
- Consultant Description — your write-up of the finding
- Consultant Solution — tailored remediation advice
- Consultant Severity — your severity assessment (overrides scanner severity in reports)
- Severity Rationale — notes explaining a severity change
Click Save Changes after editing.
Triage Metadata
Also editable in the detail view:
- Triage Status and Priority (same as inline, but with more context)
- Triage Notes — internal team notes, not included in reports
- Risk Note — risk commentary that may appear in reports
Affected Hosts
The detail view lists all hosts where this finding was observed, including IP, hostname, port, protocol, and service name.
Review and Dismiss
- Mark as Reviewed — flags the finding as reviewed without changing triage status. Useful as a QA checkpoint.
- Dismiss — removes the finding from reports. Requires a dismissal rationale.
Tips
- Set severity on the scanner side, then override only when your assessment differs — keeping both values gives you an audit trail.
- Use Triage Notes for internal communication and Risk Note for anything that might end up in report language.
- The Send to Client status feeds directly into the Email Queue for ticket submission.