Findings Library
The Findings Library is your personal repository of reusable vulnerability templates. Accessible from the top navigation bar outside of any workspace, it allows you to build and maintain a collection of common vulnerability definitions that you can quickly apply when creating vulnerabilities inside a workspace.
How It Works
The Findings Library is an account-level feature, meaning it is tied to your user account rather than any specific workspace. You can create templates describing vulnerabilities you encounter frequently -- including severity, CVE/CWE identifiers, CVSS scores, descriptions, recommended fixes, and impact details. When you need to record a vulnerability in a workspace, you can pull from your library instead of writing everything from scratch.
Templates are private by default. You can choose to make a template public so that other Hawkra users can discover and save a copy to their own library. Public templates can be flagged by the community if they are inaccurate, spam, duplicated, or inappropriate. Templates that accumulate enough flags are automatically hidden from public search results.
Navigating to the Findings Library
Click the Findings Library link in the top navigation bar. This link is always available regardless of which workspace you are in (or even if you have no workspace selected). The library page displays all templates you have created, with search and filter controls at the top.
Key Actions
Creating a Template
To create a new vulnerability template, click the Create Template button and fill in the following fields:
| Field | Required | Description |
|---|---|---|
| Name | Yes | A descriptive name for the vulnerability (1--255 characters). |
| Severity | Yes | One of: Critical, High, Medium, Low, or Informational. |
| Description | No | Detailed description of the vulnerability (up to 10,000 characters). |
| CVE | No | Common Vulnerabilities and Exposures identifier (e.g., CVE-2024-1234). |
| CWE | No | Common Weakness Enumeration identifier (e.g., CWE-79). |
| CVSS Score | No | Numeric CVSS score. Validated to ensure it falls within the valid range (0.0--10.0). |
| Reference | No | A URL linking to an external advisory or write-up (up to 2,000 characters). |
| Recommended Fixes | No | Steps to remediate the vulnerability (up to 10,000 characters). |
| Impact | No | Description of the potential impact if exploited (up to 10,000 characters). |
| Credit | No | Attribution for the original discoverer or source (up to 255 characters). |
| Visibility | No | Private (default) or Public. |
If you provide a CVSS score, it is validated before the template is saved. Scores must be a decimal number between 0.0 and 10.0. Invalid scores will be rejected with an error message.
Searching and Filtering Templates
Your library list supports filtering by:
- Name -- free-text search across template names
- CVE -- filter by a specific CVE identifier
- CWE -- filter by a specific CWE identifier
- Severity -- filter by severity level (Critical, High, Medium, Low, Informational)
You can combine multiple filters to narrow down your results.
Public vs Private Templates
- Private (default): Only you can see and use the template.
- Public: The template appears in public search results and other authenticated users can save a copy to their own library.
To change a template's visibility, open the template and toggle its visibility setting. Only the template owner can change visibility.
Browsing Public Templates
Use the Public Templates search to discover templates shared by other users. When you find a useful template, click Save to Library to create a private copy in your own Findings Library. The original template remains unchanged -- you get an independent copy that you can edit freely.
Flagging Public Templates
If you encounter a public template that is inaccurate, spam, a duplicate, or inappropriate, you can flag it. Each user can flag a given template only once. You cannot flag your own templates. Templates that receive multiple flags are automatically hidden from public search results.
Flag reasons include:
- Inaccurate -- the vulnerability details are incorrect
- Spam -- the template is promotional or irrelevant
- Duplicate -- the template duplicates an existing public template
- Inappropriate -- the content is offensive or violates guidelines
Using Templates to Create Vulnerabilities
When adding a vulnerability to a workspace, you can select a template from your Findings Library to pre-populate the vulnerability form. This saves time and ensures consistency across your assessments. The template data is copied into the vulnerability -- subsequent changes to the template do not affect existing vulnerabilities.
Updating a Template
Open any template you own, edit the fields, and save. Only the template owner can edit a template. The update validates all fields using the same rules as creation, including CVSS score validation.
Deleting a Template
You can delete any template you own. Deleting a template does not affect any vulnerabilities that were previously created from it, since vulnerability data is copied at creation time.
You can only edit, delete, or change the visibility of templates that you created. Templates saved from public search are your own copies and can be freely modified.
Tips & Notes
- Build your library incrementally as you perform assessments. Over time, you will have a comprehensive set of templates tailored to your testing methodology.
- Use consistent naming conventions (e.g., always include the protocol or technology in the name) to make searching easier.
- The reference URL field is validated -- make sure it is a properly formatted URL.
- Public templates are a good way to share knowledge with your team. If multiple team members use Hawkra, making well-documented templates public saves everyone time.
- Templates with a
source_vulnerability_idwere created from an existing workspace vulnerability, preserving traceability back to the original finding.