Viewing the Invicti Vulnerability Integration import run status and records

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • Use the Vulnerability Integration Runs related list to verify the success of your integration runs, locate any issues, and inform your remediation decisions.

    Viewing import status, import sets, and records

    To view the status of your imports, as a user in the App-Sec Manager user group, navigate to All > Invicti Vulnerability Integration > Integrations and select an integration record. Select the Vulnerability Integration Runs related list.

    Starting with v1.1, view details such as total processing times, average times for pre- and post-integration run processes, and reports on the integration run records for the Application Vulnerable Item integration.

    To view the import sets, navigate to All > Invicti Vulnerability Integration > Integrations > Import Set Tables and select an integration.

    The Application List Integration creates or updates records based on the Lookup Target:
    • Product model: Discovered Applications [sn_vul_app_release] table
    • Configuration item: Scanned Applications [sn_vul_app_scanned_application] table

    The Scan List integration creates or updates records in the Scanned Applications [sn_vul_app_scan_summary] table.

    The Application Vulnerable Item Integration creates or updates records in the Application Vulnerable Items [sn_vul_app_vulnerable_item] and CWEs [sn_vul_cwe] table.
    Note:
    Each vulnerability in Invicti has a 'type', for example, ProductDirectoryListing. This type is imported mapped as a unique ID into your instance and displayed as part of the value in the Vulnerability field on the application vulnerable item (AVIT) record. In this example the value is Invicti-ProductDirectoryListing, and this value is also displayed as the unique ID on the Application Vulnerability Entry record. Invicti AVITs support multiple Common Weakness Enumeration (CWE) entries, so CWEs are not used as unique IDs. CWEs are also displayed on the AVIT record.

    For Invicti AVITs, if there are duplicate types in Invicti for a vulnerability, the word 'custom' is inserted in the value, for example, Invicti-custom-ProductDirectoryListing. If you create a Custom type for vulnerabilities, the vulnerability ID might be Invicti-Custom-<title of vulnerability>.

    New fields: For scan type=Invicti, the Affected parameters, and Custom fields might include data that can help you understand the vulnerability and help you remediate it. If there is no data, these fields are not displayed on the AVIT.