The Soteri Dashboard: Viewing Confluence's overall security status

The Soteri Dashboard allows Confluence administrators to view the scan statuses of all Confluence spaces. It can be accessed by clicking the link in the Apps menu:

Only Confluence administrators can access the Soteri Dashboard.

Here is an example:

Each space will appear, along with the following:

• The number of vulnerabilities found in that space.

• The scan’s status. This can be:

  • Up To Date: The space has been fully scanned and either has the Security Hook enabled to scan all future content, or no changes have been made to the space since it was last scanned.

  • Outdated: The space has been fully scanned, but changes have been made since that happened.

  • Scheduled / Scanning: A scan of the space is in progress.

  • Unscanned: The space has not been scanned.

• A dropdown menu of actions you can perform for that space.

Note that the vulnerability count does not include any findings which have been reviewed.

You can use the provided “Filter by space name” input to search for particular spaces, and the “Space type” dropdown to view normal spaces (the default), private spaces, or both.

Clicking on the gear icon in the upper right will take you to the Security for Confluence Settings page.

Triggering Scans

You can trigger scans for your entire Confluence Cloud instance by clicking the Scan All button. This scans both normal and personal spaces.

Clicking on a space’s “Actions” dropdown menu reveals the options “Scan” and “Export”:

Choosing “Scan” will trigger a scan for new and modified pages in that space. Choosing “Export” will download a list of all findings for that space in CSV format. Read more about exports here.

Clicking on a space’s name in the Soteri Dashboard will take you to that space’s Security Analysis, where you can trigger scans on a per-page basis.

If any vulnerabilities are found, we recommend following our advice here.