Findings
A finding is a signal that something needs attention on an endpoint. Findings are what vulnerability scanners produce — CVEs, compliance failures, end-of-life software warnings. They are the “why” behind remediation, but they are not the unit of action. Multiple findings often point to the same fix.
How findings enter Furl
Findings flow into Furl through integrations with your vulnerability scanners and compliance tools. When a scanner reports that an endpoint has a vulnerability, Furl creates a finding record linking the specific issue to the specific device.
Findings can also originate from Checks — Forge-authored detections the agent evaluates against endpoint telemetry.
Finding types
| Type | What it means | Example |
|---|---|---|
| Vulnerability | A known security flaw (CVE) | CVE-2024-1234 in Chrome 119 |
| Compliance | Fails a compliance rule | CIS benchmark: password policy not set |
Severity
Findings are scored by severity: critical, high, medium, low, or info. Severity influences governance decisions — for example, critical findings may auto-execute while low findings require approval. Severity is also one of the filters available when you define a remediation scope.
Subject-centric design
Furl groups findings by remediation subject, not by individual CVE. If Chrome 119 has 5 CVEs, you see “Chrome needs updating” with a count of 5 findings — not a list of 5 separate CVEs. Updating Chrome to the latest version resolves all 5 at once.
This is a deliberate design choice: the unit of remediation is the subject instance, not the finding.
Related
- Remediation Subjects — findings are grouped by subject
- Remediation Targets — findings link to concrete targets
- Remediation Scopes — scopes can filter by finding type and severity