FortifyData recent platform additions/modifications
View in browser
fortifydata_email_header

Hi there,

Below are FortifyData's release notes for November 10th.

  1. New KEV Email Notification for Enterprise Companies
  2. Default Asset Classification Standard
  3. New API Endpoint for Informational Findings

Enhancements

 

1.  New KEV Email Notification for Enterprise Companies 

 

Introduced a new notification type within KEV email alerts specifically for Enterprise clients, expanding visibility into critical vulnerability updates. 

    release-notes-Nov10-email-notification

    2. Default Asset Classification Standardization 

     

    Added a company-level “Default Asset Classification” dropdown and implemented consistent classification rules across manual asset creation, settings, bulk uploads, and integrations. Assets imported from Defender and Nessus Collectors now follow the same classification hierarchy, with fallback to “Moderate” when no explicit classification is provided. See below: 

    release-notes-nov10-asset-classification

    3.  New API Endpoint for Informational Findings 

     

    A new API feature has been introduced to provide access to informational findings upon client request.


    This enhancement improves data visibility, integration options, and reporting capabilities across Enterprise, Third-Party, and Portfolio

     

    The purpose of this new endpoint is to allow authorized users and integrated systems to retrieve informational findings (i.e., non-critical observations or advisories identified during assessments) directly from the platform.


    This enables better analysis, automation, and reporting of informational-level insights that were previously accessible only through the UI.

     

    Available Endpoints

    • Infrastructure Findings

    /api/v1/vulnerability/infrastructure/info/id/

    • Application Findings

    /api/v1/vulnerability/application/info/id/

     

    Example Response
    {

    "companyId": "12345",

    "entityType": "Enterprise",

    "page": 1,

    "totalPages": 5,

    "findings": [

       {

         "findingId": "INF-001",

         "category": "Configuration Advisory",

         "description": "Default SNMP community string detected",

         "severity": "Informational",

         "dateIdentified": "2025-10-25"

       }

    ]

    }

     

    Parameters

    • companyId – This is a required path parameter. It represents the unique identifier of the company, third party, or portfolio for which the informational findings are being requested.
    • page – This is an optional query parameter. It can be used when there is a high number of records to retrieve results in smaller, paginated sets. The parameter accepts numeric values (for example, ?page=1, ?page=2, etc.).

    When the page parameter is not provided, the API returns the first page of results by default.

    Benefits

    • Enables automated retrieval of informational findings for reporting or integration with external tools.
    • Reduces manual data extraction from reports.
    • Supports scalable pagination for large result sets.
    • Consistent data access across Infrastructure and Application vulnerability modules. 

    4. Framework Selection

    • Once uploaded, if the document is in Pending status, users can:
    • Change the associated framework.
    • This is done by clicking the selected record while the status is still Pending. 
    release-notes-nov10-code-image

    Other Additions and Issues Fixed

     

    1. Read-Only Access for Clients to view All Global Available Platform Questionnaires
    2. Updated permissions logic to ensure that company users who have full access to a selected subsidiary can view all external assets associated with that subsidiary, as granular asset-based permissions are not currently supported.
    3. Asset and Vulnerability Impact Level Alignment
      Resolved an issue where assets displayed inconsistent impact levels between the Assets and Vulnerabilities/Web App pages (e.g., showing Medium on one page and High on another). Impact levels are now synchronized across all views.
    4. Updated Third Party Executive Summary Report
      - Enhanced the Third-Party Executive Summary Report with the following updates:
    • Added the Recommendations section.
    • Added Business Decision/Status.
    • Included a Findings Summary and also added visual charts from the Enterprise report version.
    1. Extended User Inactivity Timeout
      Increased the user's inactivity deactivation threshold from 10 minutes to 24 hours, giving users more time to complete account activation without being logged out.
    2. Enhanced AI Analysis Results View
      Added new action columns — Request Remediation, Request Evidence, and others — to the Completed AI Analysis table for improved visibility and interaction.

    Should you have any questions regarding these updates, please reach out to FortifyData or simply reply to this email. 
    LinkedIn
    Website
    X
    YouTube

    FortifyData, 1720 Mars Hill Road, Suite 124-181, Acworth, GA 30101, United States, 888-396-4110

    Unsubscribe Manage preferences