About Audit Assistant

Audit Assistant is an optional tool that you can use to help determine whether or not the issues returned from a scan represent true vulnerabilities. To make its determinations, Audit Assistant needs data to establish a baseline for its predictions. This data is based on the decisions Fortify on Demand auditors have made during scan audits about how to characterize various issues. The data, which is pooled and anonymized, can be used in conjunction with training data based on decisions your auditors have made. Audit Assistant’s assessments of the actual threats that issues represent become more accurate as it receives more training data.

The following sections describe how to obtain an authentication token from OpenText Fortify Audit Assistant, and then use that token to configure a connection to OpenText Fortify Software Security Center. This section also describes the best practices for Fortify Audit Assistant when upgrading to the latest version of OpenText Fortify Audit Assistant powered by the new Gen 2 engine. For more information, see Fortify Audit Assistant Best Practices.

Later sections describe how to set up Audit Assistant training, submit data, and review Audit Assistant results.

See Also

Configuring Audit Assistant

Enabling Auto-Apply and Auto-Predict for an Application Version

Using Audit Assistant

About Prediction Policies

Defining Prediction Policies

Submitting Training Data to Audit Assistant

Reviewing Audit Assistant Results