AI Finding Generation
The AI Finding Generation feature transforms brief vulnerability titles into comprehensive, professional finding documentation. Save hours of writing while maintaining consistent quality.
How It Works
- Input: Provide a vulnerability title or CVE ID
- Processing: AI analyzes the input and generates content
- Enrichment: If a CVE ID is provided, real data is fetched from NVD
- Output: Complete finding ready for review
Using AI Generation
From New Finding Form
- Navigate to Findings → + New Finding
- Enter the finding title
- Click Generate with AI
- Wait for generation (typically 5-15 seconds)
- Review populated fields
- Edit and save
What Gets Generated
| Field | Generated Content |
|---|---|
| Description | Technical explanation of the vulnerability |
| Impact | Security and business impact |
| Remediation | Step-by-step fix instructions |
| CVSS Score | Suggested severity score |
| CVSS Vector | Full CVSS 3.1 vector string |
| CWE ID | Related weakness category |
| References | Helpful external links |
Adding Context
Improve generation quality by providing context:
- Finding Specifics field: Add details about your specific instance
- Affected Asset: Mention the target system
- Evidence Notes: Describe what you observed
Example with context:
Title: SQL Injection
Finding Specifics: Found in the search parameter on /products endpoint
Affected Asset: api.example.com
Evidence Notes: Parameter 'q' vulnerable to UNION-based injection
Generation for Different Finding Types
Known CVEs
For findings with CVE IDs:
- Enter CVE-2024-1234 as the title
- Click Generate
- AI fetches official CVE data
- Combines with AI-generated remediation
- References link to official sources
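The enrichment step for known CVEs pulls the official record from NVD. As an added example (not NEURO's own code), the block below shows the extraction a reviewer can reproduce offline: it takes a response in the public NVD CVE API 2.0 shape and lifts out the fields that populate a finding (English description, CVSS 3.1 vector and score, CWE IDs, de-duplicated references). The record contents are constructed for this example and are not real NVD data for the placeholder CVE ID; the function names and the `needs_manual_severity` flag are this example's own. A record that has no CVSS data yet is handled explicitly, since that is the case where the AI-suggested score needs the closest review.

```python
"""Extract the fields a finding needs from an NVD CVE API 2.0 response.

Added example, not NEURO's code. The response layout follows the public
NVD CVE API 2.0 schema; the record contents are constructed for the example.
"""
import json
import re

CVE_ID_RE = re.compile(r"^CVE-\d{4}-\d{4,}$", re.IGNORECASE)

# Constructed sample in the NVD API 2.0 shape. The CVE ID is the docs'
# placeholder; description, metrics, weakness and references are made up.
SAMPLE_NVD_RESPONSE = json.dumps({
    "vulnerabilities": [{
        "cve": {
            "id": "CVE-2024-1234",
            "descriptions": [
                {"lang": "es", "value": "Descripcion de ejemplo."},
                {"lang": "en", "value": "Example SQL injection in the search parameter."},
            ],
            "metrics": {
                "cvssMetricV31": [{
                    "cvssData": {
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                        "baseScore": 9.8,
                        "baseSeverity": "CRITICAL",
                    }
                }]
            },
            "weaknesses": [
                {"description": [{"lang": "en", "value": "CWE-89"}]}
            ],
            "references": [
                {"url": "https://vendor.example/advisory"},
                {"url": "https://vendor.example/advisory"},  # duplicate on purpose
            ],
        }
    }]
})

# Constructed record that NVD has not scored yet: no metrics block at all.
SAMPLE_NVD_AWAITING_ANALYSIS = json.dumps({
    "vulnerabilities": [{"cve": {
        "id": "CVE-2024-1234",
        "descriptions": [{"lang": "en", "value": "Record without CVSS data yet."}],
        "metrics": {},
        "references": [],
    }}]
})


def is_cve_id(text):
    """True when the finding title is a bare CVE identifier (any case, padded)."""
    return bool(CVE_ID_RE.match(text.strip()))


def extract_cve_fields(nvd_json, cve_id):
    """Pull description, CVSS, CWE and references for cve_id from an NVD 2.0 payload.

    Returns None when the CVE is not in the payload. A record with no CVSS
    data yields vector/score of None and needs_manual_severity=True instead
    of raising, so the caller can flag the AI-suggested severity for review.
    """
    data = json.loads(nvd_json)
    wanted = cve_id.strip().upper()
    for item in data.get("vulnerabilities", []):
        cve = item.get("cve", {})
        if cve.get("id", "").upper() != wanted:
            continue
        # NVD ships one description entry per language; keep the English one.
        description = next(
            (d["value"] for d in cve.get("descriptions", []) if d.get("lang") == "en"), ""
        )
        cvss = cve.get("metrics", {}).get("cvssMetricV31", [])
        cvss_data = cvss[0].get("cvssData", {}) if cvss else {}
        cwes = sorted({
            w["value"]
            for weak in cve.get("weaknesses", [])
            for w in weak.get("description", [])
            if w.get("value", "").startswith("CWE-")
        })
        # Preserve first-seen order but drop duplicate URLs.
        refs = list(dict.fromkeys(r["url"] for r in cve.get("references", []) if "url" in r))
        return {
            "cve_id": cve["id"],
            "description": description,
            "cvss_vector": cvss_data.get("vectorString"),
            "cvss_score": cvss_data.get("baseScore"),
            "cvss_severity": cvss_data.get("baseSeverity"),
            "cwe_ids": cwes,
            "references": refs,
            "needs_manual_severity": not cvss_data,
        }
    return None


if __name__ == "__main__":
    title = "cve-2024-1234"
    if is_cve_id(title):
        print(json.dumps(extract_cve_fields(SAMPLE_NVD_RESPONSE, title), indent=2))
```

The same extraction works on a live response from the NVD API once the JSON is fetched; only the transport is left out so the example runs offline.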
Generic Vulnerabilities
For common vulnerability types:
- Enter Cross-Site Scripting (XSS) in comment field as the title
- Click Generate
- AI generates comprehensive template
- Customize for your specific finding
Custom/Unique Findings
For unique discoveries:
- Enter descriptive title
- Add detailed specifics
- Generate for starting point
- Heavily customize the output
Two-Pass Generation
NEURO uses a two-pass approach for quality:
Pass 1: Technical Generation
- Core vulnerability description
- Technical impact
- Standard remediation
Pass 2: Evidence Grounding
If you provide evidence notes:
- Integrates your specific observations
- References your evidence
- Tailors recommendations
Template vs. Project Findings
Project Findings
For findings in a specific project:
- Include scope-specific context
- Reference actual evidence
- Link to affected assets
- Project-specific recommendations
Template Generation
For Content Library templates:
- Generic, reusable content
- No project-specific details
- Suitable for any instance
- Standard remediation steps
Toggle “Generate as Template” for library entries.
Editing AI Output
Recommended Edits
After generation, always review and edit:
- Verify accuracy: Check technical details
- Add specifics: Include your evidence details
- Adjust severity: Modify CVSS for your context
- Customize remediation: Add environment-specific steps
- Link assets: Associate affected systems
What to Look For
- Outdated information
- Overly generic statements
- Missing context
- Incorrect severity
- Inapplicable remediation
Batch Generation
Generate multiple findings efficiently:
- Create findings with titles only
- Open each finding
- Click Generate with AI on each
- Review and save
Generation Quality Tips
Better Titles = Better Output
| Good Title | Why It’s Good |
|---|---|
| SQL Injection in login authentication | Specific location |
| Stored XSS via user profile bio | Type and vector specified |
| CVE-2024-21351 | Exact CVE reference |
| Missing rate limiting on /api/auth | Specific endpoint |

| Poor Title | Why It’s Poor |
|---|---|
| SQLi | Too abbreviated |
| Vulnerability | No context |
| Issue | Not descriptive |
| Security problem | Meaningless |
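When findings are created with titles only and generated in batch, the tables above are easiest to apply as a pre-flight lint. The block below is an added example, not NEURO's own code: it normalises bare CVE IDs to canonical form (which the generator treats as a lookup), flags the abbreviated and generic titles the page calls out, and asks for a location or vector when a title names neither. The generic-word and abbreviation lists, the three-word threshold and the location heuristic are this example's assumptions.

```python
"""Lint finding titles before batch AI generation.

Added example, not NEURO's code. Encodes the page's guidance (bare CVE IDs
are fine; abbreviations and generic words are not) plus a CVE ID
normalisation step. Word lists and thresholds are this example's assumptions.
"""
import re

CVE_ID_RE = re.compile(r"^cve-(\d{4})-(\d{4,})$", re.IGNORECASE)
# Titles that carry no information on their own (assumed list, seeded from the page).
GENERIC = {"vulnerability", "issue", "security problem", "bug", "finding", "problem"}
# Abbreviation-only titles and the expanded form to use instead (assumed list).
ABBREVIATIONS = {
    "sqli": "SQL Injection",
    "xss": "Cross-Site Scripting",
    "csrf": "Cross-Site Request Forgery",
    "ssrf": "Server-Side Request Forgery",
    "idor": "Insecure Direct Object Reference",
    "rce": "Remote Code Execution",
}
# A path segment or a locating preposition counts as "says where" (heuristic).
LOCATION_HINTS = re.compile(r"(/[\w.-]+|\b(?:in|on|via|at)\b)", re.IGNORECASE)


def lint_title(title):
    """Return (normalised_title, warnings); an empty warning list means the title is usable."""
    clean = " ".join(title.split())
    if not clean:
        return clean, ["empty title"]
    m = CVE_ID_RE.match(clean)
    if m:
        # Canonical form so the CVE lookup path is taken regardless of input casing.
        return "CVE-%s-%s" % (m.group(1), m.group(2)), []
    low = clean.lower()
    warnings = []
    if low in GENERIC:
        warnings.append("generic title gives the generator no context")
    if low in ABBREVIATIONS:
        warnings.append("abbreviation only; expand to '%s' and add a location" % ABBREVIATIONS[low])
    if not warnings and len(clean.split()) < 3:
        warnings.append("short title; add the affected component or endpoint")
    if not warnings and not LOCATION_HINTS.search(clean):
        warnings.append("no location or vector named (endpoint, parameter, field)")
    return clean, warnings


def lint_batch(titles):
    """Lint a list of titles and return only those that need attention, keyed by original title."""
    report = {}
    for title in titles:
        _, warnings = lint_title(title)
        if warnings:
            report[title] = warnings
    return report


if __name__ == "__main__":
    # Constructed batch mixing good, poor and CVE titles from the tables above.
    for title, warnings in lint_batch([
        "SQL Injection in login authentication",
        "cve-2024-21351",
        "SQLi",
        "Vulnerability",
        "SQL Injection",
    ]).items():
        print("%-40s %s" % (title, "; ".join(warnings)))
```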
Provide Context
More context = better generation:
Title: Insecure Direct Object Reference
Specifics: Changing user_id parameter in /api/orders/{user_id} allows access to other users' order history
Asset: api.example.com
Notes: Verified by accessing orders for user_id=1 through 100
Regeneration
If initial output isn’t satisfactory:
- Add more specific context
- Click Regenerate
- Review new output
- Use best parts from both
Performance
Generation Time
Typical times:
- Simple finding: 5-10 seconds
- CVE lookup: 10-15 seconds
- Complex with context: 15-20 seconds
Factors Affecting Speed
- CVE database lookup
- Amount of context provided
- System load
- Network latency
Troubleshooting
Generation Failed
If generation fails:
- Check your input isn’t empty
- Verify network connectivity
- Try a simpler title
- Wait and retry
Poor Quality Output
If output quality is low:
- Be more specific in title
- Add finding specifics
- Include evidence notes
- Try alternative phrasing
Next: Learn about CVE Intelligence