Vulnerabilities
Vulnerabilities are the core findings in your security assessment. Hawkra provides a comprehensive system for documenting, tracking, and managing vulnerabilities across your workspace -- from initial discovery through remediation. Vulnerabilities can be created manually, imported from scan tools, or generated from your Findings Library templates.
How It Works
Vulnerabilities are independent entities linked to one or more assets via a many-to-many relationship, with per-asset remediation tracking.
Creating Vulnerabilities
Manual Creation
To create a vulnerability manually, navigate to the Vulnerabilities section of your workspace and fill in the following fields:
| Field | Required | Description |
|---|---|---|
| Title | Yes | A descriptive name for the vulnerability (1-255 characters) |
| Severity | Yes | Critical, High, Medium, Low, or Informational |
| Description | No | Detailed description of the vulnerability (up to 10,000 characters) |
| CVSS Score | No | The CVSS base score, validated between 0.0 and 10.0 |
| CVE | No | The CVE identifier (e.g., CVE-2024-1234), up to 50 characters |
| CWE | No | The CWE identifier (e.g., CWE-79), up to 50 characters |
| Impact | No | Description of the business or technical impact (up to 10,000 characters) |
| Recommended Fixes | No | Remediation guidance and recommended fixes (up to 10,000 characters) |
| Reference | No | A URL to external documentation or advisories (up to 2,000 characters, validated as a proper URL) |
Be thorough with the description, impact, and recommended fixes fields. These are included in generated reports and provide the context that stakeholders need to prioritize remediation.
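The constraints from the field table, as a standalone validator that an import script or a form handler could run before sending a record to the workspace. This is an added example written for this page, not Hawkra's own code. Its assumptions: the CVE/CWE identifier patterns (the page gives only examples and a 50-character limit), the rule that a reference must be an absolute http or https URL (the page says only "validated as a proper URL"), and counting field lengths in Unicode code points rather than bytes.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Severity levels exactly as listed in the field table.
var validSeverities = map[string]bool{
	"Critical": true, "High": true, "Medium": true, "Low": true, "Informational": true,
}

// Identifier formats are an assumption of this example: the page shows only the
// samples CVE-2024-1234 and CWE-79 plus a 50-character limit.
var (
	cvePattern = regexp.MustCompile(`^CVE-\d{4}-\d{4,}$`)
	cwePattern = regexp.MustCompile(`^CWE-\d+$`)
)

// Vulnerability mirrors the manual-creation form. Optional text fields are empty
// when not supplied; CVSSScore is a pointer so "not supplied" differs from 0.0.
type Vulnerability struct {
	Title, Severity, Description string
	CVSSScore                    *float64
	CVE, CWE                     string
	Impact, RecommendedFixes     string
	Reference                    string
}

// Validate collects every violation instead of stopping at the first one, which
// is what a form or bulk import wants to report back.
func Validate(v Vulnerability) []error {
	var errs []error
	if n := len([]rune(v.Title)); n < 1 || n > 255 {
		errs = append(errs, fmt.Errorf("title: must be 1-255 characters"))
	}
	if !validSeverities[v.Severity] {
		errs = append(errs, fmt.Errorf("severity: %q is not Critical/High/Medium/Low/Informational", v.Severity))
	}
	for _, f := range []struct{ name, text string }{
		{"description", v.Description}, {"impact", v.Impact}, {"recommended_fixes", v.RecommendedFixes},
	} {
		if len([]rune(f.text)) > 10000 {
			errs = append(errs, fmt.Errorf("%s: exceeds 10,000 characters", f.name))
		}
	}
	if v.CVSSScore != nil && (*v.CVSSScore < 0.0 || *v.CVSSScore > 10.0) {
		errs = append(errs, fmt.Errorf("cvss_score: %.1f is outside 0.0-10.0", *v.CVSSScore))
	}
	if v.CVE != "" && (len(v.CVE) > 50 || !cvePattern.MatchString(v.CVE)) {
		errs = append(errs, fmt.Errorf("cve: %q is not a valid CVE identifier", v.CVE))
	}
	if v.CWE != "" && (len(v.CWE) > 50 || !cwePattern.MatchString(v.CWE)) {
		errs = append(errs, fmt.Errorf("cwe: %q is not a valid CWE identifier", v.CWE))
	}
	if v.Reference != "" {
		if len(v.Reference) > 2000 {
			errs = append(errs, fmt.Errorf("reference: exceeds 2,000 characters"))
		} else if !isProperURL(v.Reference) {
			errs = append(errs, fmt.Errorf("reference: %q is not an absolute http(s) URL", v.Reference))
		}
	}
	return errs
}

// isProperURL accepts only absolute http/https URLs with a host. Restricting the
// scheme is this example's assumption; it keeps javascript: or file: references
// out of generated reports that stakeholders will click through.
func isProperURL(s string) bool {
	u, err := url.Parse(s)
	if err != nil {
		return false
	}
	scheme := strings.ToLower(u.Scheme)
	return (scheme == "http" || scheme == "https") && u.Host != ""
}

func main() {
	score := 7.5
	v := Vulnerability{Title: "Reflected XSS in search parameter", Severity: "High", CVSSScore: &score,
		CWE: "CWE-79", Reference: "https://owasp.org/www-community/attacks/xss/"}
	fmt.Println("valid record:", Validate(v))
	bad := Vulnerability{Severity: "Urgent", CVE: "2024-1234", Reference: "javascript:void(0)"}
	for _, e := range Validate(bad) {
		fmt.Println("-", e)
	}
}
```

Returning the full list of violations matters for imports from scan tools: a single bad reference URL in a 400-finding export should be reported once per record, not abort the batch on the first error.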
Creating from Findings Library
If you have a Findings Library with pre-defined vulnerability templates, you can create a vulnerability directly from a template. This pre-fills all fields from the template, saving time for commonly encountered findings.
When creating from a template, you can optionally specify asset links at the same time -- selecting which assets (and optionally which specific ports on those assets) are affected. This creates the vulnerability and all its asset associations in a single step.
To learn more about the Findings Library, see the Findings Library documentation.
Saving to Findings Library
You can also work in the other direction: after documenting a vulnerability during an assessment, save it back to your Findings Library as a reusable template. This is particularly useful for building up your personal library of common findings over time.
Linking Vulnerabilities to Assets
A vulnerability can be linked to one or more assets, reflecting which systems are affected. Each link (called a "vulnerability-asset link") tracks:
- The affected asset
- An optional specific port on that asset (e.g., the vulnerability affects the HTTP service on port 443)
- Remediation status per asset (since the same vulnerability may be fixed on one host but not another)
- Notes specific to this asset's instance of the vulnerability (encrypted at rest)
Adding an Asset Link
When linking a vulnerability to an asset:
- Select the target asset from your workspace.
- Optionally select a specific port/service on that asset where the vulnerability was observed.
- Optionally add notes describing how the vulnerability manifests on this specific asset.
The link is created with an initial status of "Identified" and a timeline event is automatically recorded.
Removing an Asset Link
You can unlink an asset from a vulnerability at any time. This removes the association and its remediation history but does not delete either the vulnerability or the asset.
When linking a vulnerability found on a specific service (e.g., a weak SSL cipher on port 443), always specify the port. This level of detail makes your reports more actionable and helps asset owners understand exactly what needs to be fixed.
Remediation Status Tracking
Each vulnerability-asset link has its own remediation status, allowing you to track progress independently per affected host. The status transitions are:
Identified --> Validated --> Remediated
| Status | Description |
|---|---|
| Identified | The vulnerability has been discovered and documented. This is the initial status when a link is created |
| Validated | The vulnerability has been confirmed through additional testing or verification |
| Remediated | The vulnerability has been fixed and verified as resolved |
Updating Status
When you change a link's status, a timeline event is automatically recorded with the old and new status values, the user who made the change, and the timestamp. This creates an auditable remediation history for each vulnerability-asset combination.
You can also update the encrypted notes on a link when changing its status, for example to document what remediation steps were taken or to record re-test results.
Status tracking is per asset link, not per vulnerability. A vulnerability affecting three assets can have different statuses on each -- for example, "Remediated" on two servers but still "Identified" on a third.
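The linking and per-link status model described in the two sections above, as an in-memory implementation added here for illustration (not Hawkra's code). It keeps one status and one timeline per vulnerability-asset link, starts every link at Identified, records old/new status, user and timestamp on each change, and drops a link's history on unlink while leaving the vulnerability untouched. Its one assumption beyond the page: transitions must follow the listed order one step at a time, with no reversal; the page does not say whether Hawkra permits skipping or reverting.

```go
package main

import (
	"fmt"
	"time"
)

// Status of one vulnerability-asset link, in the order the page lists them.
type Status string

const (
	Identified Status = "Identified"
	Validated  Status = "Validated"
	Remediated Status = "Remediated"
)

// next is the single permitted forward step from each status. Allowing only one
// step at a time, and no reversal, is an assumption of this example.
var next = map[Status]Status{Identified: Validated, Validated: Remediated}

// TimelineEvent is the audit record written on creation (Old empty) and on every status change.
type TimelineEvent struct {
	Old, New Status
	User     string
	At       time.Time
}

// Link is one vulnerability-asset association. Port is nil when the finding is not
// tied to a specific service. Notes are plain strings here; Hawkra stores them encrypted.
type Link struct {
	ID, VulnID, AssetID string
	Port                *int
	Status              Status
	Notes               string
}

// Tracker holds the links of one workspace and a timeline per link (in memory only).
type Tracker struct {
	links    map[string]*Link
	timeline map[string][]TimelineEvent // keyed by link ID
	seq      int
}

func NewTracker() *Tracker {
	return &Tracker{links: map[string]*Link{}, timeline: map[string][]TimelineEvent{}}
}

// Link creates the association at Identified and records the creation event.
func (t *Tracker) Link(vulnID, assetID string, port *int, notes, user string) *Link {
	t.seq++
	l := &Link{ID: fmt.Sprintf("link-%d", t.seq), VulnID: vulnID, AssetID: assetID,
		Port: port, Status: Identified, Notes: notes}
	t.links[l.ID] = l
	t.timeline[l.ID] = append(t.timeline[l.ID], TimelineEvent{New: Identified, User: user, At: time.Now()})
	return l
}

// SetStatus advances one link only (other links of the same vulnerability are untouched),
// recording old/new status, user and timestamp. A non-empty notes argument replaces the notes.
func (t *Tracker) SetStatus(linkID string, to Status, user, notes string) error {
	l, ok := t.links[linkID]
	if !ok {
		return fmt.Errorf("unknown link %q", linkID)
	}
	if next[l.Status] != to {
		return fmt.Errorf("invalid transition %s -> %s", l.Status, to)
	}
	t.timeline[linkID] = append(t.timeline[linkID], TimelineEvent{Old: l.Status, New: to, User: user, At: time.Now()})
	l.Status = to
	if notes != "" {
		l.Notes = notes
	}
	return nil
}

// Unlink removes the association and its remediation history; vulnerability and asset remain.
func (t *Tracker) Unlink(linkID string) {
	delete(t.links, linkID)
	delete(t.timeline, linkID)
}

// History returns a link's timeline events, oldest first (nil once unlinked).
func (t *Tracker) History(linkID string) []TimelineEvent { return t.timeline[linkID] }

func main() {
	tr := NewTracker()
	port := 443
	a := tr.Link("vuln-1", "web-01", &port, "weak cipher suite offered on the HTTPS listener", "alice")
	b := tr.Link("vuln-1", "web-02", &port, "", "alice")
	_ = tr.SetStatus(a.ID, Validated, "bob", "")
	_ = tr.SetStatus(a.ID, Remediated, "bob", "re-test: only AEAD suites offered now")
	fmt.Println(a.AssetID, a.Status, "|", b.AssetID, b.Status) // web-01 Remediated | web-02 Identified
	fmt.Println(tr.SetStatus(b.ID, Remediated, "bob", ""))       // invalid transition Identified -> Remediated
	for _, e := range tr.History(a.ID) {
		fmt.Printf("%s %q -> %q by %s\n", e.At.Format(time.RFC3339), e.Old, e.New, e.User)
	}
}
```

Because the timeline is keyed by link rather than by vulnerability, deleting a link removes exactly the history the page says is lost on unlink, and a second host's events survive. Keying the transition table by current status is what makes the "one status per asset" rule cheap to enforce: the check never looks at sibling links.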
Encrypted Remediation Notes
Notes attached to vulnerability-asset links are encrypted at rest using the workspace's data encryption key (DEK). This protects sensitive remediation details such as:
- Exploitation proof-of-concept details
- Specific configuration changes applied
- Credentials or access paths used during validation
- Re-test methodologies and results
Notes are decrypted only when accessed by an authorized workspace member and are never stored in plaintext in the database.
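What "encrypted at rest with the workspace DEK" amounts to for a single note, as an added example using Go's standard-library AES-256-GCM; this is illustrative code written for this page, not Hawkra's implementation, and the page does not state which cipher Hawkra uses. Two details are assumptions of the example: the link ID is bound into the ciphertext as associated data, so a note blob copied between database rows fails to decrypt, and the random nonce is stored in front of the ciphertext. How the DEK itself is generated, wrapped and stored (typically under a key-encryption key in a KMS) is outside the page and outside this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// NewDEK returns a fresh random 256-bit data encryption key. Wrapping it with a
// key-encryption key for storage is out of scope here (an assumption of the example).
func NewDEK() ([]byte, error) {
	dek := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, dek); err != nil {
		return nil, err
	}
	return dek, nil
}

// EncryptNote seals a note with AES-256-GCM under the workspace DEK. The link ID is
// used as associated data (this example's choice, not a documented Hawkra detail), so
// the blob only opens for the row it was written for.
// Stored layout: 12-byte random nonce || ciphertext || 16-byte GCM tag.
func EncryptNote(dek []byte, linkID, note string) ([]byte, error) {
	aead, err := newAEAD(dek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends to its first argument, so the nonce travels with the ciphertext.
	return aead.Seal(nonce, nonce, []byte(note), []byte(linkID)), nil
}

// DecryptNote reverses EncryptNote. A wrong key, a different link ID, or any modified
// byte fails the tag check and yields an error rather than garbage plaintext.
func DecryptNote(dek []byte, linkID string, blob []byte) (string, error) {
	aead, err := newAEAD(dek)
	if err != nil {
		return "", err
	}
	ns := aead.NonceSize()
	if len(blob) < ns+aead.Overhead() {
		return "", errors.New("ciphertext too short")
	}
	pt, err := aead.Open(nil, blob[:ns], blob[ns:], []byte(linkID))
	if err != nil {
		return "", errors.New("decryption failed: wrong key, wrong link, or tampered data")
	}
	return string(pt), nil
}

// newAEAD builds the GCM instance; only a 32-byte DEK is accepted so AES-128 cannot
// be selected by accident through a short key.
func newAEAD(dek []byte) (cipher.AEAD, error) {
	if len(dek) != 32 {
		return nil, errors.New("DEK must be 32 bytes")
	}
	block, err := aes.NewCipher(dek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	dek, _ := NewDEK()
	// Constructed sample note; link-17 is a placeholder ID.
	blob, _ := EncryptNote(dek, "link-17", "Re-test: session cookie now sets HttpOnly and Secure; closed.")
	fmt.Printf("stored in DB: %x... (%d bytes)\n", blob[:12], len(blob))
	note, err := DecryptNote(dek, "link-17", blob)
	fmt.Println("authorized read:", note, err)
	_, err = DecryptNote(dek, "link-18", blob) // same bytes, different link row
	fmt.Println("moved to another row:", err)
	blob[len(blob)-1] ^= 1
	_, err = DecryptNote(dek, "link-17", blob)
	fmt.Println("one bit flipped:", err)
}
```

The associated-data binding is the part worth copying: with a plain DEK and no context, an attacker with database write access but no key could still move a sensitive note from one finding to another, or replay an old note over a newer one, without ever decrypting it. Binding the row identity (and, where available, a version counter) makes such moves detectable at read time.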
Viewing Vulnerabilities
Workspace Vulnerability List
The main vulnerabilities view shows all vulnerabilities in your workspace with their severity, CVSS score, CVE reference, and creation date. You can use this view to get a high-level picture of your assessment findings.
Vulnerability Detail View
Clicking on a vulnerability opens its detail view, which includes:
- All vulnerability metadata (title, description, severity, CVSS, CVE, CWE, impact, fixes, reference)
- A list of all linked assets with their individual remediation statuses and decrypted notes
- The ability to link additional assets, update statuses, or modify the vulnerability itself
Key Actions
| Action | Permission Required | Description |
|---|---|---|
| View vulnerabilities | View Vulnerabilities | See all vulnerabilities and their linked assets |
| Create vulnerability | Edit Vulnerabilities | Create a new vulnerability manually or from a template |
| Update vulnerability | Edit Vulnerabilities | Modify vulnerability details (title, severity, description, etc.) |
| Delete vulnerability | Edit Vulnerabilities | Permanently remove a vulnerability and all its asset links |
| Link to asset | Edit Vulnerabilities | Associate a vulnerability with an affected asset |
| Update link status | Edit Vulnerabilities | Change the remediation status on a vulnerability-asset link |
| Unlink from asset | Edit Vulnerabilities | Remove the association between a vulnerability and an asset |
| Save to library | View Vulnerabilities | Save a vulnerability as a Findings Library template |
| Create from library | Edit Vulnerabilities | Create a vulnerability pre-filled from a Findings Library template |