Viewing scan details
Last updated: October 6, 2021
You can click on any scan to view more details, regardless of its current status. However, different information will be presented depending on the status.
For scans that have been scheduled but not yet started, you can see the settings that you made when creating the scan, such as the configuration and scheduling settings. Depending on your authorizations, you can also edit these details.
For recurring scans, you can also see a list of all previous times the scan has run, including information about the issues that were found, the duration of the scan, and so on. Click on any previous scan to view more details about it.
Running and completed scans
For scans that are currently in progress or that have finished, you can see a series of tabs that provide information on the scan:
The "Overview" tab shows a dashboard of graphically presented information on your scan. The tab shows issues by severity and confidence, total issues found, the most serious vulnerabilities and so on.
The "Issues" tab shows detailed information about the security issues found by the scan. Issues are grouped by their type. The number next to each issue indicates the number of instances of this issue type that were found. If an issue is found on more than one URL, click on the issue to see a list of the relevant URLs. Click on the URL (or the issue if it is found on only one URL) to view more information, to mark the issue as a false positive or to create an associated ticket in Jira. Issues are displayed here as they are found, and if the scan is still ongoing you may need to refresh the page to see any new issues that a scan discovers.
The "Scanned URLs" tab only appears once a scan is complete, and does not appear for canceled scans or failed scans that made no progress (e.g. scanning an invalid host). It shows information about which URLs were scanned, successfully or unsuccessfully, and which issues the scanner found at each URL. This tab is a useful entry point for working with scan results. The default view for this tab is a list of URLs. If you prefer, you can select a tree view, which shows URLs in a hierarchy. The tree view also shows the number of requests made by the scan to each URL.
The "Scan Details" tab shows detailed information about the scan, such as the scan configuration that was used and the issues found, listed by severity. You can click to see more details on a scan's schedule and the agent machine used for the scan. You can also open details of the scan configuration by clicking on the question mark icon next to the scan configuration name.
For recurring scans, the tab shows the number of issues that are new, resolved, and regressed as compared to the previous scan. This enables you to monitor your security posture over time.
This tab shows details of the scan's target site. This information includes URLs that have been included or excluded, the protocol settings for the scan, and any application login details that have been applied to the scan.
Reporting & logs
This tab allows you to download a customizable report in HTML format. You can specify a detailed or summary report, which issue severities to include, and whether you want to include or exclude false positive results. This is useful for sharing scan reports with colleagues who may not have access to Burp Suite Enterprise Edition themselves.
You can also download scan event and scan debug logs. Scan event logs provide details about the progress of a scan and may be useful in determining why a scan is failing. Scan debug logs may be useful for diagnosing problems if you need to contact our Support team.
Note that the scan log is only available for scans that:
- Were successfully assigned to an agent.
- Have run or started running since you upgraded to Burp Suite Enterprise Edition 2020.12.
- Are less than 10 days old.
Scans with the status "Failed" have been terminated early for some reason. It could be that the scan never started, for example, if the scanner was unable to connect to any of the URLs specified.
If the scan was able to begin but was terminated early, for example because too many consecutive errors were triggered, then the failed scan details page shows much of the same information as a completed scan. However, on the "Scanned URLs" page, you can see which specific URLs caused the scan to fail.