Security Analysis: Viewing scan results for a space
The Security Analysis for a given space allows administrators to view and handle scan findings for the space.
Only space administrators, Confluence administrators, or any user granted explicit app access, can access a space’s Security Analysis.
There are two ways to reach a space’s Security Analysis. First, you can reach it from the Soteri Dashboard, by clicking the name of the space:
Or, while viewing the space in Confluence, you can click “Security Analysis” in the side panel:
The space’s scan status and all findings in the space will be displayed. Findings with the same match text in a single page’s or attachment’s history are deduplicated. When a finding appears in multiple content versions, the range of versions is shown.
When findings are deduplicated, the range of versions shown will be the earliest and latest versions of the content that that finding appears in, even if is not present in some of the intermediate versions.
Click on page version links to view the actual page and see who edited it and when. This is useful for tracking down users who published the finding.
You can select a page in the dropdown list to get the scan status and findings for each version of that page. Similar findings on the page version level are not deduplicated.
%20copy.png?inst-v=3a67ceb3-7254-44ef-af71-ae917ddb39eb)
Above, we see a few scan findings for a particular page version. The specific text that matched the listed rule’s regex is highlighted. Specifically, this is the group 0 match: what the entire expression captured. For more information, see the Java 8 Regular Expression documentation.
You can also filter the list to only show findings matching certain rules. Use the “Filter by Rule” field to search for rules to filter.
%20copy.png?inst-v=3a67ceb3-7254-44ef-af71-ae917ddb39eb)
Scan warnings
The Security Analysis will warn you if a previous scan is stale or outdated.
Stale scan
If content in a previously scanned space is added, removed, or updated, and automatic scanning is disabled, then the Security Analysis will indicate that the space’s scan results are stale, and the space should be re-scanned.
The space scan stale result warning
Outdated scan
Additionally, if a space is scanned, but a global detection rule is later toggled, then the Security Analysis will indicate that the space scan results are outdated.
The space scan outdated result warning
This warning also appears for each page where global rules have changed since its last scan.
The page scan outdated result warning