Read a report

A Vex Raptor report is organized so you can triage fast: what's proven, what's most severe, and how to reproduce and fix each issue.

Structure

  1. Executive summary — overall risk score and counts by severity.
  2. Attack chains — where individual findings combine into a higher-impact path, shown with a narrative.
  3. Findings — grouped by severity, each with confidence, evidence, proof of concept (if confirmed), and remediation.

Read severity and confidence together

Each finding shows two independent signals:

  • Severity — impact if real (Critical → Info)
  • Confidence — how it was verified (see Confidence pipeline)

Triage order

Start with CONFIRMED Critical/High — these are proven and impactful. Then review UNVERIFIED Critical/High — high potential impact that needs a manual check. Treat INFO as hardening context.

Proof of concept

Confirmed findings include a reproducible proof of concept — typically the exact curl (or the request/response) that demonstrates the issue. Use it to reproduce the finding yourself and to hand developers something concrete.

Instances and clustering

A finding marked with an instance count (for example "12 instances") is a cluster of the same issue across many endpoints or parameters, collapsed into one master entry to keep the report readable.

Feedback

If you believe a finding is a false positive, mark it. That feedback feeds the learning loop, which down-ranks noisy finding types over time (it never suppresses CONFIRMED findings).

Export

Reports can be exported (HTML/PDF/JSON). Compliance-mapped PDF export (SOC2/PCI/ISO) is available on paid plans — see Verify a remediation and your plan's features.
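
The triage order and instance clustering described above, applied to a JSON export. This is an added example, not Vex Raptor's own code: the field names, the middle severity levels (Medium, Low), and the reading of INFO as the Info severity are assumptions, and the sample findings are constructed.

```python
import json

# Constructed sample export. The field names ("findings", "title", "severity",
# "confidence", "instances") are assumptions, not the documented JSON schema.
SAMPLE_EXPORT = json.dumps({"findings": [
    {"title": "Missing security header", "severity": "Info", "confidence": "CONFIRMED", "instances": 12},
    {"title": "SQL injection in search", "severity": "Critical", "confidence": "UNVERIFIED"},
    {"title": "IDOR on invoice download", "severity": "High", "confidence": "CONFIRMED", "instances": 3},
    {"title": "Verbose error page", "severity": "Low", "confidence": "CONFIRMED"},
    {"title": "Stored XSS in comments", "severity": "Critical", "confidence": "CONFIRMED"},
    {"title": "Open redirect", "severity": "Medium", "confidence": "UNVERIFIED"},
]})

# Assumed scale: the page gives only the endpoints (Critical -> Info).
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}
BUCKETS = ("confirmed critical/high", "unverified critical/high",
           "remaining findings", "info (hardening context)")


def bucket(finding):
    """Return the index into BUCKETS for one finding."""
    sev = str(finding.get("severity", "")).lower()
    conf = str(finding.get("confidence", "")).upper()
    if sev in ("critical", "high") and conf == "CONFIRMED":
        return 0
    if sev in ("critical", "high") and conf == "UNVERIFIED":
        return 1
    if sev == "info":
        return 3
    return 2  # everything else, including unknown severity or confidence values


def triage(export_text):
    """Sort findings by bucket, then severity, then largest cluster first."""
    findings = json.loads(export_text).get("findings", [])

    def key(f):
        sev = SEVERITY_RANK.get(str(f.get("severity", "")).lower(), len(SEVERITY_RANK))
        return (bucket(f), sev, -int(f.get("instances") or 1))

    return sorted(findings, key=key)


if __name__ == "__main__":
    for f in triage(SAMPLE_EXPORT):
        print(f"{BUCKETS[bucket(f)]:26} {f['severity']:9} x{f.get('instances') or 1:<3} {f['title']}")
```

Findings whose severity or confidence value is not recognised land in the "remaining findings" bucket rather than being dropped, so an unexpected export value never hides a finding.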