Read a report¶
A Vex Raptor report is organized so you can triage fast: what's proven, what's most severe, and how to reproduce and fix each issue.
Structure¶
- Executive summary — overall risk score and counts by severity.
- Attack chains — where individual findings combine into a higher-impact path, shown with a narrative.
- Findings — grouped by severity, each with confidence, evidence, proof of concept (if confirmed), and remediation.
Read severity and confidence together¶
Each finding shows two independent signals:
- Severity — impact if real (Critical → Info)
- Confidence — how it was verified (see Confidence pipeline)
Triage order
Start with CONFIRMED Critical/High — these are proven and impactful. Then review UNVERIFIED Critical/High — high potential impact that needs a manual check. Treat INFO as hardening context.
Proof of concept¶
Confirmed findings include a reproducible proof of concept — typically the exact
curl (or the request/response) that demonstrates the issue. Use it to
reproduce the finding yourself and to hand developers something concrete.
Instances and clustering¶
A finding marked with an instance count (for example "12 instances") is a cluster of the same issue across many endpoints or parameters, collapsed into one master entry to keep the report readable.
Feedback¶
If you believe a finding is a false positive, mark it. That feedback feeds the learning loop, which down-ranks noisy finding types over time (it never suppresses CONFIRMED findings).
Export¶
Reports can be exported (HTML/PDF/JSON). Compliance-mapped PDF export (SOC2/PCI/ISO) is available on paid plans — see Verify a remediation and your plan's features.