Skip to content

Custom Issues

Create custom security issues to address organization-specific threats that ONEKEY's standard frameworks might miss.

To get started:

  1. Select the Custom Issues tab in the top menu.
  2. Click Add new custom issue rule.

  3. Provide a unique name, select your confidence level, add an optional description, and configure the CVSS 3.1 and 4.0 metrics.

    Note

    Both CVSS versions are mandatory.

  4. In the File query field, write an OQL rule to define which files or conditions will flag the custom issue. For example, the query:

    path CONTAINS "httpd.conf" OR path CONTAINS "nginx.conf" OR path CONTAINS "apache2.conf"

    Creates a custom issue that flags web server configuration files that may contain insecure settings.

    See the complete list of file OQL fields for available options.

  5. Click Create Issue Definition.

  6. Rerun analysis on affected firmware for the changes to take effect.

Your custom rules will appear in both the Global Issues page and the individual firmware analysis views after analysis completes.

Click the Edit icon to update a custom issue; click the Delete icon to remove it.