This guide explains how to use the finding evidence table token in reports using a query string-like syntax.
Basic Structure
The token uses URL-style parameters separated by & characters. For example:
{FindingEvidence_Table?columns=title,ip,port,protocol,issue_details&setting.filter.type=Vulnerability}
This will be replace by a table per Finding of Evidences of type Vulnerability, with the following columns: title, ip, port, protocol, issue_details.
All evidences will be displayed, including the ones with 'Not visible in Report'.
1. Required parameters
These are the required parameters and their options. You can find all the available fields here (Evidence Fields section):
columns=[field1, field2]&
2. Grouping
Finding Evidences can be grouped by finding or asset, if desired:
group_by=[asset/finding]&
3. Filtering and Sorting (Optional)
Filter findings by various criteria:
setting.filter.type=Vulnerability&
setting.filter.status=ReadyRetest,PendingFix&
setting.filter.severity=Critical,High&
setting.filter.labels=Security,PCI-DSS&
setting.sort.direction=Ascending&
HTML Structure and CSS Classes
The Finding Evidence Table token generates tabular evidence data organized by findings with configurable columns.
Root Container
<div class="finding-evidences-container">
Purpose: Top-level container for all evidence table content.
CSS Class: finding-evidences-container
Group Headers
<h5 class="finding-evidences-table-header">SSH Weak Key Exchange Algorithms Enabled</h5>
Purpose: Displays the finding name when group_by is configured.
CSS Class: finding-evidences-table-header
Table Structure
<table class="findings-evidence-table">
<thead>
<tr>
<th>Column Display Name</th>
</tr>
</thead>
<tbody>
<tr>
<td class="evidence-[column-name]">Cell Content</td>
</tr>
</tbody>
</table>
CSS Classes:
-
findings-evidence-table: Base table styling -
evidence-[column-name]: Column-specific cell class (e.g.,evidence-title,evidence-ip,evidence-port,evidence-protocol)