Understanding the Dynamic Analysis Coverage Report

Dynamic Analysis

You can see a simplified view of attack and non-attack traffic that Dynamic Analysis detects in the Dynamic Analysis Coverage Report.

Dynamic Analysis generates the Coverage Report after a URL scan is complete and results are available.

The Coverage Report provides information about the URLs that Dynamic Analysis crawled.

The top part of the report includes this information:

Scan Times and Duration
Identifies the scan status, start and end times for the scan, and duration of the scan.
Coverage Summary
Provides a summary of the URLs found, including:
  • Total Unique URLs Found
  • Audited URLs
  • Ignored URLs
  • Blocked URLs
  • Total Scan Activity: identifies the number of entries in the Scan Activity Log table. This number reflects the amount of work the scan engine performed, including both crawl and audit activity. Total Scan Activity compares results between scans of the same site. You can use it to identify changes to:
    • The content of the site
    • The quality of network connectivity
The bottom part of the report has two tabs for different types of data:
Unique URLs Found
Contains unique URL information. Dynamic Analysis removes any duplicate URLs from this data table, which has these columns:
  • URL: each unique URL that Dynamic Analysis crawled
  • Count: how many times Dynamic Analysis encountered that specific URL
  • Type: explains the category of content that Dynamic Analysis audited
    • Resource: static files such as images or CSS that the scan engine ignores
    • Websocket: bidirectional, real-time requests made over WebSocket
    • Network: low-level exchanges sent by the scan engine, including those sent as part of security tests
    • Browser: unique browser location that the scan engine discovered and passed through redundancy checks
    • Event Source: unidirectional, real-time events sent to a browser over an event source channel
  • Scope: determines if the URL is within the scope of the scan
    • Audit: in scope of the scan
    • Block: on the URL blocklist
    • Ignore: outside the scope of the scan
Scan Activity Log
Contains all coverage information an analysis collected, consisting of the unique URL information and these additional columns:
  • Timestamp: time at which the scan engine sent a request to the URL
  • Method: HTTP request made by the scan engine to the application
  • Response: HTTP response status code that the request was successful
  • Duration: length of time the scan engine interacted with the URL
The scan activity log provides all the information collected during the analysis.

Filters are available for most of the column headers in the Coverage Report to enable you to customize the report.

You can access the report from the Actions menu in the URLs List table.
Access the Coverage Report from the URLs List table.
You can also access the report from the URL Actions menu on the URL Configuration Scan Summary page.
Access the Coverage Report from the URL Configuration Scan Summary page.

If a Coverage Report is not available when you select the menu option, it is because the analysis stopped without completing or it predates this feature.