AI-Enhanced Attack Modules
You can use AI in Application Security (InsightAppSec) to help prevent false positives from appearing in your scan results. This is achieved using the attack modules and attack templates in your scan configuration. The false positives flagged by AI are excluded from your scan results, so you spend less time manually reviewing vulnerabilities that have no impact on your business.
Requirements
To use this feature you must:
- Have the View and Change Attack Templates user permission in Application Security (InsightAppSec). For more information, read Role-Based Access Control.
- Use a cloud-based scan engine. On-premise scan engines do not support this feature.
Feature availability by region
Due to specific model infrastructure requirements, this feature is currently not available in APS2 and ME regions. The CA region may experience varied results due to these limitations.
Enable AI-enhanced attack modules
Enabling AI-enhanced attack modules will affect all future and scheduled scans the attack module is configured on. Note that exceptionally large scans may have varied results due to their size.
This feature is available for Blind SQL Injection
This feature is currently available for the Blind SQL Injection attack module. More attack modules will be supported in future releases.
To enable AI-enhanced attack modules in your scan configuration:
- Go to Settings > Scan Options > AI Settings and click Manage AI Features for your organization.
- Enable the AI Vulnerability Pre-Triage feature toggle. A confirmation modal will appear.
- Optionally, click the check box to enable applicable AI Attack Modules by default. This will automatically turn on any new AI pre-triage capabilities for applicable attack modules as they become available.
- Click Turn On.
- Click Manage Attack Templates.
- Select an attack template you wish to enable AI pre-triage for.
- Go to the attack modules tab.
- Enable the AI Pre-Triage toggle for the applicable attack module.
- Click Save.
False positive results are removed from all results
AI-enhanced attack modules remove flagged false positives from your environment entirely. If you wish to compare AI-enhanced results with regular scan results, run two scans - one with AI enabled and one without - and review them side-by-side.
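One way to do the side-by-side comparison described above, as an added example that is not part of the product documentation. It assumes each scan's findings have been exported to CSV with the hypothetical columns `module`, `method`, `url` and `parameter`; the sample rows are constructed.

```python
import csv
import io
from urllib.parse import urlsplit

# Modules with AI pre-triage; this page names only Blind SQL Injection.
AI_MODULES = {"Blind SQL Injection"}

# Constructed sample exports (hypothetical columns, not a documented format).
BASELINE_CSV = """\
module,method,url,parameter
Blind SQL Injection,GET,https://shop.example.test/search,q
Blind SQL Injection,POST,https://shop.example.test/login/,user
Cross-Site Scripting,GET,https://shop.example.test/search,q
Cross-Site Scripting,GET,https://shop.example.test/profile,name
"""
AI_CSV = """\
module,method,url,parameter
Blind SQL Injection,post,https://SHOP.example.test/login,user
Cross-Site Scripting,GET,https://shop.example.test/search,q
"""

def finding_key(row):
    """Scan-independent identity: module, method, host + path, parameter."""
    parts = urlsplit(row["url"].strip())
    path = parts.path.rstrip("/") or "/"
    return (row["module"].strip(), row["method"].strip().upper(),
            parts.netloc.lower() + path, row["parameter"].strip())

def load_findings(csv_text):
    return {finding_key(r) for r in csv.DictReader(io.StringIO(csv_text))}

def compare_scans(baseline_csv, ai_csv):
    base, ai = load_findings(baseline_csv), load_findings(ai_csv)
    missing = base - ai
    return {
        # Absent from the AI scan, in a module where pre-triage applies:
        # these are the findings to audit as possible AI removals.
        "candidate_ai_removed": sorted(k for k in missing if k[0] in AI_MODULES),
        # Differences pre-triage cannot explain (other modules, or findings
        # that appear only in the AI scan): ordinary scan-to-scan variance.
        "unexplained": sorted(k for k in (missing | (ai - base))
                              if k not in missing or k[0] not in AI_MODULES),
        "common": sorted(base & ai),
    }

if __name__ == "__main__":
    for bucket, keys in compare_scans(BASELINE_CSV, AI_CSV).items():
        print(bucket, keys)
```

Findings in `candidate_ai_removed` are the ones to retest by hand when auditing the feature; a non-empty `unexplained` bucket means the two scans differed for reasons other than pre-triage.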
Turn off AI-enhanced attack modules
You may want to turn off AI-enhanced attack modules to measure the effectiveness of false positive reduction or for auditing purposes.
You can turn off AI-enhanced attack modules at the organization level or for a single scan configuration. Turning off the AI-enhanced attack module will affect future and scheduled scans.
For the entire organization
- Go to Settings > Scan Options > AI Settings and click Manage AI Features for your organization.
- Disable the AI Vulnerability Pre-Triage feature toggle. A confirmation modal will appear.
- Click Turn Off.
For a single scan configuration
- Go to Settings > Scan Options > AI Settings and click Manage AI Features for your organization.
- Click Manage Attack Templates.
- Select an attack template you wish to disable AI pre-triage for.
- Go to the attack modules tab.
- Disable the AI pre-triage toggle for the applicable attack module.
- Click Save.