The Soteri Dashboard: Viewing Confluence's overall security status
The Soteri Dashboard allows users to view the scan statuses of all Confluence spaces they administer or, if they were granted explicit app access, the Confluence spaces they can view. It can be accessed from anywhere within Confluence by clicking the padlock icon at the top-right of the screen:
Here is an example:
Each space will appear, along with the following:
The number of unique scan findings per page in that space.
The scan’s status. This can be:
Up To Date: The space has been fully scanned and either has the Security Hook enabled to scan all future content, or no changes have been made to the space since it was last scanned.
Outdated: The space has been fully scanned, but changes have been made since that happened.
Scanning: A scan of the space is in progress.
Unscanned: The space has not been scanned.
Scan Error: There was an issue doing a scan of this space. Click the space name to learn more.
A dropdown menu of actions you can perform for that space.
Note that the findings count does not include any findings which have been marked as reviewed.
You can use the provided “Filter by space name” input to search for particular spaces, and the “Space type” dropdown to view normal spaces, private spaces, or both (the default).
Clicking on the gear icon in the upper right will take you to the Security for Confluence Settings page.
Triggering Scans for an Individual Space
Clicking on a space’s “Actions” dropdown menu reveals the options “Scan” and “Export”:
Choosing “Scan” will trigger a scan for new and modified pages in that space. Choosing “Export” will download a list of all findings for that space in CSV format. Read more about exports here.
Clicking on a space’s name in the Soteri Dashboard will take you to that space’s Security Analysis, where you can trigger scans on a per-page basis.
If any vulnerabilities are found, we recommend following our advice here.
Triggering Scans for All Spaces
Confluence administrators or any user granted explicit app access who access the Dashboard will see the Scan All button.
Pushing this button will trigger scans for every space in the Confluence instance.
The scan queue indicator shows how many pages are waiting to be scanned:
Cancelling Scheduled Scans
Confluence administrators or any user granted explicit app access who access the dashboard can click on the scan queue indicator to reveal the Cancel Scans button. Clicking this button will cancel all scheduled scans. Scans scheduled as part of the “Keep space scans up to date” option will not be affected.