Exporting Findings

Security for Confluence allows users to export CSV files containing findings in the spaces for which they have administration privileges. This can be done from the Soteri Dashboard, or when viewing a particular space’s Security Analysis.

Exporting findings from the dashboard

To export all findings for all spaces for which you have administration privileges, click the Export button at the top of the Soteri Dashboard:

There are three options, all of which are in CSV format:

• A Dashboard overview export of the list of spaces visible on the dashboard together with their individual scan status, up to date status, and the number of unreviewed findings in that space.

• An All findings export contains the scan results for the space.

• A Reviewed false positives export contains reviewed false positives, including who reviewed them and when they were reviewed. Reviewed false positives that are scoped to a space will apply to all future and past findings in the space that match exactly.

Archived spaces are excluded from the exports by default. When on, the toggle will include them.

Exporting space findings from the dashboard

To export findings for a particular space from the Soteri Dashboard, use the Findings button in the Action Menu for the space:

Finally, when viewing the Security Analysis for a particular space, you can use the Export Space dropdown at the top of the page. The rule filter will also filter the exported findings.

Full findings in exported reports

If you want add the full text of findings in exported reports, you can enable the Include full finding text in exported reports setting in the plugin settings page:

Enabling this option will add the Content Title, Historical, Finding text, and Full text columns to CSV exports.

Performance

Security for Confluence only stores the locations of findings, not their actual text. To perform an export, Security for Confluence therefore must query Confluence to retrieve the text of all content with findings, which can be very time consuming. This is particularly noticeable for full instance exports. A large full instance export could potentially take an hour or more.

Deduplicate findings in exports

If you want to show every finding occurrence in your export reports, you can disable the Deduplicate findings in exports setting. Otherwise, findings will be presented once for every content they’re discovered in, even if discovered more than once in the history of that page, blog post, or comment. This behavior presents an export similar to the layout of the Security Analysis page.

Columns in exported findings reports

Following are the column names in the exported reports, in order, most of which are self-explanatory:

1. Space key

2. Content title Excluded if the “Include full finding text in exports” setting is disabled.

3. Content ID

4. Latest content version, or Content version if the “Deduplicate findings in exports” setting is disabled.

5. Historical: if this scan finding is historical. Excluded if the “Include full finding text in exports” setting is disabled.

6. Rule name

7. Confidence: for findings from Advanced AI Scanning, the confidence level reported by the model (0.0-1.0).

8. Match text: the exact match text of the finding. This can be used to review the finding; see Hiding false positives, revoked credentials, etc. . Excluded if the “Include full finding text in exports” setting is disabled.

9. Reviewed?: if the finding is reviewed at space scope.

10. Individually Reviewed?: if the finding is reviewed at content scope.

11. Globally Reviewed?: if the finding is reviewed across all of Confluence.

12. Publication time

13. Content link: URL to the content.

14. Security analysis link: URL to security analysis page for that Space.

15. Full text: the complete text of the fragment, or, if it is too long, then only the specific text that triggered the finding. Excluded if the “Include full finding text in exports” setting is disabled.