Findings

Findings are the core output of security assessments—the vulnerabilities, misconfigurations, and security issues you discover. NEURO provides comprehensive tools for documenting, tracking, and reporting findings.

Overview

A finding in NEURO includes:

Title and description
Severity and CVSS score
Impact and likelihood
Remediation recommendations
Evidence (screenshots, logs)
Affected assets
Status tracking
References (CVE, CWE)

Viewing Findings

Project Findings

Access findings within a project:

Open the project
Navigate to the Findings tab
View all findings for that project

Global Findings

View all findings across projects:

Navigate to Findings (G + F)
Filter by project, client, or severity

Finding List Features

Search: Find by title, description, CVE
Filter: Severity, status, type, project
Sort: By severity, date, title
Bulk Select: Multi-select for operations
Export: Export to CSV

Creating Findings

Method 1: Manual Entry

Click + New Finding or C + F
Complete the finding form
Click Save Finding

Method 2: AI-Assisted Generation

Click + New Finding
Enter just the finding title (e.g., “SQL Injection”)
Click Generate with AI
Review and edit the generated content
Click Save Finding

Method 3: From Content Library

Open the Content Library
Find a vulnerability template
Click Use in Project
Select the target project
Customize for your specific finding

Method 4: Import

Import findings from security tools:

Nessus scan results
Burp Suite findings
CSV import
API integration

Finding Form Fields

Basic Information

Field	Required	Description
Title	Yes	Clear, descriptive name
Project	Yes	Associated project
Status	Yes	Current finding status
Severity	Yes	Risk severity level

Severity Levels

Level	CVSS Range	Description
Critical	9.0 - 10.0	Immediate exploitation risk
High	7.0 - 8.9	Significant security impact
Medium	4.0 - 6.9	Moderate security concern
Low	0.1 - 3.9	Minor security issue
Informational	0.0	No direct security impact

CVSS Scoring

NEURO includes an interactive CVSS 3.1 calculator:

Click Calculate CVSS in the finding form
Select values for each metric:
- Attack Vector (Network, Adjacent, Local, Physical)
- Attack Complexity (Low, High)
- Privileges Required (None, Low, High)
- User Interaction (None, Required)
- Scope (Unchanged, Changed)
- Confidentiality Impact (None, Low, High)
- Integrity Impact (None, Low, High)
- Availability Impact (None, Low, High)
Score is calculated automatically
Vector string is generated

Description Fields

Field	Purpose
Description	Technical explanation of the vulnerability
Impact	Business/security impact if exploited
Remediation	Steps to fix the vulnerability
References	External links and resources

Status Options

Status	Description
Open	Newly identified
Confirmed	Verified vulnerability
In Progress	Remediation started
Remediated	Fix applied
Verified	Fix confirmed working
Accepted Risk	Risk acknowledged, not fixing
False Positive	Not actually a vulnerability

CVE and CWE

Link findings to standard identifiers:

CVE ID: Common Vulnerabilities and Exposures identifier
- Auto-lookup fetches data from NVD
- Populates CVSS, description, references
CWE ID: Common Weakness Enumeration
- Categorizes the vulnerability type

AI Features for Findings

Generate Technical Description

The AI can generate comprehensive finding content:

Enter finding title
Optionally add specifics about your finding
Click Generate with AI
AI generates:
- Technical description
- Impact statement
- Remediation steps
- CVSS scoring
- References

CVE Intelligence

When you enter a CVE ID:

NEURO queries NVD/MITRE
Auto-populates:
- Official CVSS score
- CVSS vector
- Description
- References
- Related CWE

Enhance Existing Finding

Improve a finding with AI:

Open the finding
Click Enhance with AI
Review suggestions
Apply improvements

See AI Features for details.

Evidence Management

Document proof of vulnerabilities:

Adding Evidence

Open finding details
Go to Evidence tab
Click + Add Evidence
Upload files or paste content

Evidence Types

Type	Purpose
Screenshot	Visual proof
Request/Response	HTTP traffic
Command Output	Terminal results
Code Snippet	Vulnerable code
Configuration	Misconfigured settings

Evidence Best Practices

Capture clear, focused screenshots
Highlight relevant portions
Include context (timestamps, system info)
Redact sensitive data when needed
Add captions explaining each piece

Affected Assets

Link findings to target assets:

In finding form, go to Affected Assets
Search for assets or add new ones
Select all affected systems
Save the finding

Benefits:

Track which assets have vulnerabilities
Generate asset-specific reports
Prioritize remediation by system

Tags and Categories

Organize findings with tags:

Adding Tags

In finding form, find Tags field
Type tag name
Select existing or create new
Press Enter

Common Tag Uses

Vulnerability type (XSS, SQLi, RCE)
Attack phase (Recon, Exploitation)
Compliance mapping (PCI, HIPAA)
Priority (Quick Win, Complex)

Bulk Operations

Perform actions on multiple findings:

Select findings using checkboxes
Click Bulk Actions
Choose action:
- Update status
- Add tags
- Assign to project
- Export
- Delete

Finding Comments

Collaborate on findings:

Open finding details
Scroll to Comments section
Add comments and mentions
Team members are notified

Use comments for:

Remediation discussion
Additional context
Review feedback
Status updates

Exporting Findings

Export to CSV

Go to Findings list
Apply desired filters
Click Export → CSV
Download file

Export to Report

Generate a report containing findings:

Go to project Reports tab
Select findings to include
Generate report

Finding History

Track all changes to a finding:

Open finding details
Click History tab
View all modifications:
- Who made changes
- What was changed
- When it occurred

Deleting Findings

Open finding details
Click Delete Finding
Confirm deletion

Next: Learn about Asset Management