FAQs
What's the difference between a finding and an alert?
Updated: June 19, 2025
In the FireTail platform, findings and alerts both help you improve API security: findings give detailed insight into issues, and alerts notify you when specific conditions are met.
What are Findings?
Findings provide detailed information about issues or potential issues with your APIs. They are generated when the FireTail platform identifies an issue that corresponds to an API security framework, including the OWASP API Security Top 10, the CIS API Security Guide, MITRE ATT&CK Tactics & Techniques, and the MITRE CWE Top 25, or to another general API security concern.
How findings are generated
- Event occurrence: Findings can be triggered when an event occurs, such as when a specification is uploaded to the FireTail platform or when a GitHub repository is scanned.
- Event processing: During these events, the events processor scans the file or repository. If certain criteria are met, a finding is created. A single event can lead to multiple findings.
- Log detections and active scanning: Continuous monitoring of logs and scans can trigger new findings.
What are Alerts?
Alerts notify you when specific conditions or thresholds are met in your API environment. FireTail supports two main types of alerts:
- Static alerts: Triggered when predefined static thresholds are exceeded.
- Anomaly detection alerts: Triggered by unusual patterns detected based on historical data.
Alerts are fully customizable: you can set filters and conditions, and choose how you receive notifications (e.g., Slack, email).
Differences between Findings and Alerts
Aspect | Findings | Alerts |
---|---|---|
Purpose | Detailed security issues identified by FireTail based on standards | Notifications based on user-defined thresholds or anomalies |
Trigger | Specific security criteria or scanning results | User-configured conditions or anomaly detection |
Usage | Investigate and remediate API security issues | Stay informed and respond to changing API activity |