From scanner intake to verified closure, this guide covers dedup, severity governance, taxonomy, ownership, SLA, and a reversible audit trail.
This guide drives a single finding through the full PMAP lifecycle, from intake to a verified, audit-logged closure. You will confirm that deduplication collapsed scanner repeats so you triage each real issue exactly once, govern effective severity while preserving the scanner-reported original_severity, and enrich taxonomy before assigning the right owners.

It is written for triage analysts and security owners who need defensible, repeatable closures. By the end you can link a VulnDB template with Smart Match, move the finding through the enforced status state machine, track it against SLA, and close it through re-test or a four-eye approval, with every step landing in the audit trail.
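To make the lifecycle concrete before the UI walkthrough, here is a small Python model of the behaviour the guide describes: scanner repeats collapsed onto one finding by a dedup key, an effective severity that can be governed without rewriting the scanner-reported original_severity, SLA due dates derived from effective severity, an enforced status state machine whose closure transitions require a second reviewer, and an audit trail that records every step. This is an added illustration, not PMAP code: the field names, dedup key, status names, SLA table and sample scanner rows are all assumptions chosen for the example.

```python
"""Illustrative model of the finding lifecycle (constructed example, not PMAP code).
Field names, dedup key, status names and SLA table are assumptions."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed SLA thresholds in days, keyed by *effective* severity.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}

# Assumed enforced state machine: status -> statuses it may advance to.
TRANSITIONS = {
    "new": {"triaged"},
    "triaged": {"in_progress", "accepted_risk"},
    "in_progress": {"retest", "triaged"},
    "retest": {"closed", "in_progress"},
    "accepted_risk": {"closed", "triaged"},
    "closed": set(),
}
# Sensitive transitions gated by the four-eye rule (assumed set).
FOUR_EYE = {("retest", "closed"), ("accepted_risk", "closed")}


@dataclass
class Finding:
    asset: str
    plugin_id: str
    port: int
    original_severity: str          # as reported by the scanner, never rewritten
    effective_severity: str         # governed by the analyst
    first_seen: datetime
    status: str = "new"
    seen_count: int = 1
    audit: list = field(default_factory=list)

    def log(self, actor, action, **detail):
        self.audit.append({"actor": actor, "action": action, **detail})

    @property
    def sla_due(self):
        return self.first_seen + timedelta(days=SLA_DAYS[self.effective_severity])

    def set_severity(self, actor, new, reason):
        old = self.effective_severity
        self.effective_severity = new   # original_severity stays untouched
        self.log(actor, "severity", old=old, new=new, reason=reason)

    def advance(self, actor, new_status, approver=None):
        if new_status not in TRANSITIONS[self.status]:
            raise ValueError(f"{self.status} -> {new_status} not allowed")
        if (self.status, new_status) in FOUR_EYE and (approver is None or approver == actor):
            raise PermissionError("four-eye approval needs a distinct second reviewer")
        old = self.status
        self.status = new_status
        self.log(actor, "status", old=old, new=new_status, approver=approver)


def dedup_key(raw):
    # Assumed key: same asset, same plugin, same port => same finding.
    return (raw["asset"], raw["plugin_id"], raw["port"])


def ingest(raw_findings, now):
    """Collapse repeated scanner rows into one Finding per dedup key."""
    queue = {}
    for raw in raw_findings:
        key = dedup_key(raw)
        if key in queue:
            queue[key].seen_count += 1
            queue[key].log("scanner", "seen_again")
            continue
        queue[key] = Finding(raw["asset"], raw["plugin_id"], raw["port"],
                             raw["severity"], raw["severity"], now)
    return queue


# Constructed scanner rows: one issue reported twice, one reported once.
RAW = [
    {"asset": "10.0.0.5", "plugin_id": "12345", "port": 443, "severity": "high"},
    {"asset": "10.0.0.5", "plugin_id": "12345", "port": 443, "severity": "high"},
    {"asset": "10.0.0.9", "plugin_id": "67890", "port": 22, "severity": "medium"},
]


def walk_lifecycle(now=datetime(2024, 1, 1)):
    """Drive the deduplicated finding from intake to a four-eye closure."""
    queue = ingest(RAW, now)
    f = queue[("10.0.0.5", "12345", 443)]
    f.set_severity("alice", "critical", "internet-exposed, public exploit")
    for status in ("triaged", "in_progress", "retest"):
        f.advance("alice", status)
    f.advance("alice", "closed", approver="bob")   # second reviewer required
    return queue, f


def self_approval_rejected():
    """The four-eye gate refuses an actor approving their own closure."""
    f = Finding("10.0.0.9", "67890", 22, "medium", "medium",
                datetime(2024, 1, 1), status="retest")
    try:
        f.advance("alice", "closed", approver="alice")
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    queue, f = walk_lifecycle()
    print(len(queue), "findings after dedup;", f.status, f.original_severity, f.effective_severity)
    for entry in f.audit:
        print(entry)
```

The points to notice are that the queue holds two findings rather than three, that `original_severity` still reads `high` after the upgrade to `critical` while the SLA clock shortens to the critical threshold, that skipping a state or closing without a distinct approver raises instead of silently succeeding, and that the audit list reconstructs the whole history.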
Inside this guide
- See how a finding reaches your queue before you open the workspace.
- Confirm deduplication collapsed scanner repeats and read the finding detail.
- Govern effective severity while preserving the scanner-reported original.
- Enrich taxonomy, set the vuln type, and link a VulnDB template with Smart Match.
- Assign users and teams, then advance status through the state machine while tracking SLA.
- Capture notes and evidence, then close via re-test or four-eye approval.
- Bulk-clear the remaining queue and verify the result.
Before you start
- A PMAP account with finding read and edit permissions in the company scope you will work in.
- At least one completed scan import from Nessus, Qualys, Rapid7, DAST, or SAST, so the queue holds real findings.
- Familiarity with your severity policy and SLA thresholds, which are resolved at project or company scope.
- The VulnDB template library populated, so Smart Match has candidates to link and backfill from.
- A second reviewer available to satisfy the four-eye approval rule if your tenant gates sensitive status changes.