A scan result (also called a finding or report) represents a security issue discovered by an S4E scan. This guide explains the structure of the result detail page and how to interpret each section.
Result Detail Page
When you click on a scan report entry, the detail page opens with the following sections:
Header
The top of the page shows:
- Scan name -- The name of the scanner that produced the result (e.g., "DNP3 Technology Detection Scanner").
- Target asset -- The IP address or domain that was scanned.
- Port and Protocol -- The specific port and protocol where the issue was detected.
- Alerts -- Number of active alerts associated with this result.
- Actions -- Button to trigger remediation actions.
Score
A numeric score from 0 to 10 indicating the risk level of the finding. Higher scores indicate more critical issues.
| Score Range | Meaning |
|---|---|
| 9--10 | Take action immediately. Exploitation could result in privileged unauthorized access to systems. |
| 7--8 | High risk. Should be addressed promptly. |
| 4--6 | Medium risk. Plan remediation in the near term. |
| 1--3 | Low risk. Monitor and address when possible. |
| 0 | Informational. No immediate risk. |
Severity
The severity classification of the finding: Critical, High, Medium, Low, or Informational.
Status
The current status of the finding (e.g., Open, Fixed, In Progress, Accepted Risk). See Finding Status for all available statuses.
Execution Date
The date and time when the scan was executed.
Source
How the scan was triggered: Continuous Scan, Manual Scan, or Single Scan.
Output
The raw output produced by the scan tool. This is the technical evidence confirming the finding. For example, an Nmap scan output might show:
Starting Nmap 7.98 ( https://nmap.org ) at 2026-04-23 13:29 +0000
Nmap scan report for 5.78.84.227
Host is up (0.21s latency).
PORT STATE SERVICE
20000/tcp open DNP3
| dnp3-info:
| Source Address: 0
| Destination Address: 0
|_ Control: User Data (4)
Nmap done: 1 IP address (1 host up) scanned in 0.74 seconds
You can also click Watch As Video to view a video recording of the scan execution.
General Info
A plain-language description of what the scanner does and why the detected issue matters. This helps you understand the context of the finding without deep technical knowledge.
Solution Advice
Remediation guidance for the finding, including:
- Step-by-step instructions for fixing the issue.
- Security best practices related to the vulnerability.
You can also click Get AI Solution to open Get Your AI Based Solution Advice. The modal asks you to choose keywords that fit the technologies and systems you use. The flow is keyword-based so your specific finding content is not sent to the AI:
- S4E suggests Keywords derived from the scan context (shown as removable chips).
- Remove any chip that is not relevant, or type in Add your Keyword to include your own terms that match your stack and environment.
- Click Generate Solution to produce AI-written remediation guidance.
Only the keywords you keep in that list are used as input; raw findings data, payloads, and other private scan output stay in your tenant and are not shared with the model.
Description
A detailed technical description of the scanner, explaining how it works, what it detects, and what the results mean for your infrastructure.
Scan Parent Details
The category this scan belongs to (e.g., Security Misconfiguration, Injection, Broken Access Control). Click to view related scans in the same category.
Asset Summary
An overview of the affected asset, showing:
- Asset name and IP -- The target that was scanned.
- Total URL -- Number of discovered URLs on the asset.
- Risk score -- The overall risk score of the asset.
- Labels -- AI-generated labels describing the asset type (e.g.,
ai-label-saas-b2b-software-80,ai-label-customer-portal-80). - Severity breakdown -- Count of findings by severity level across the asset.
Resource Usage
Technical metrics about the scan execution:
| Metric | Description |
|---|---|
| Memory | Memory consumed during the scan. |
| CPU | CPU usage percentage. |
| Network | Total network traffic generated. |
| Sent | Bytes and packets sent to the target. |
| Received | Bytes and packets received from the target. |
Other Information
Additional metadata about the scan:
| Field | Description |
|---|---|
| Last Scan | Date of the most recent scan execution. Click Show to view details. |
| First Scan | Date when this issue was first detected. |
| Other Port Scans | Number of other ports scanned on this asset. Click Show to view. |
| Scanner IP | IP address of the S4E scanner that performed the scan. |
| Estimated Next Scan | When the next automatic scan is expected. |
| Finished In | Duration of the scan execution. |
| Latest Change | Date of the most recent status or data change. |
| Scan Parent | The parent category of the scan. |
Toolbox
Quick-access tools and actions available for this finding, such as triggering remediation actions or running related scans.
Comments
A collaboration section where team members can add comments, share context, and discuss the finding. Each comment shows the author, timestamp, and content. Use comments to:
- Document investigation progress.
- Assign follow-up tasks to team members.
- Record decisions about risk acceptance or remediation approach.
What's Next?
- Severity Levels -- Understand how severity is determined.
- Managing False Positives -- Handle incorrect detections.
- Finding Status -- Track findings through their status lifecycle.