Configure integration behavior for carried over findings

Configure integration behavior for carried over findings

## **What is a Carried-Over Finding?**

When you conduct a pentest on an asset that still has unfixed findings from a previous pentest, pentesters can “carry over” the findings to the new pentest. When the pentester carries over the finding, the original finding’s state will be set to “Carried Over”.

## **Default Integration Behavior for Carried-Over Findings**

By default, ticketing integrations will treat carried over findings as new findings. This means that your integration will create a new ticket for the carried over finding regardless of the existence of a ticket for the original finding.

## **Avoid Creating New Tickets for Carried-Over Findings**

If you do not want your integration to create a new ticket for a carried-over finding when a ticket already exists for the original finding, you can configure your integration to use the alternative carry-over handling logic.

## **Global Configuration for New Pentests**

By following the steps below, you can configure the default carry-over finding handling behavior of your integrations for all newly created pentests. This configuration change will not apply to pentests that have already been created.


1. Navigate to the Integrations page using the main Cobalt navigation bar
2. Locate the “Default Integration Settings” section within the Integrations page
3. Click the gear icon

 ![](https://brainfish-storage-prod.s3-accelerate.amazonaws.com/uploads/8e42b09c-e27b-4b5a-ba0c-7a5ef138ea38/2c10b39a-c562-4daa-8ab1-b8d80834b73e/image.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAUPPN5IL3VTUHI6AG%2F20260412%2Fus-east-2%2Fs3%2Faws4_request&X-Amz-Date=20260412T111522Z&X-Amz-Expires=3000&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEJP%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMiJHMEUCIFEFwroj6wWzNhAfeQfXUey4GubFlAEZZ37ebzapDmKaAiEAxtvW1NtN725W0Q2U%2BH%2BGspggGK5%2FhER%2FWV3%2BpkWfjsEq3QUIXBACGgwzMDgxMjU5NzUyODciDOROQV12BGQ3k%2Bfe%2FCq6BQPA%2FfGrIeC5jNOXSriQyom48XVb%2BD6XfddEpaWyccpgJnxomjDK9XNvebuGN2Tf%2F%2FrZ0FFbDUYvUt1yxv27sHX7xsqVqUhqU1G5U79a7uPrb87YSiIlwIf4oWGc%2FiLOdb1Fv1nOXHcSDCodwepq30pCumZiRvAA4ADnNFzO2x7T%2FBKNysyXyhFJQKHaobUmSSO7ybmxIVaz6WQojt3wiN3YY7grSGs%2Boxp9b0ycQdcfipFisP822Av8DuuoVbFqaJ3Y8RrlIvGMipJGLUOdgKQDgSMGHIPHKNmKZOerkNHGoQxNWpedHq9erKrpDU8O3Ew6%2F43X3%2ByK7zR4nx6WpnIgS5j2L%2BYkntGs0xJWrUDCVvX5iH8c%2FgvU6eq2kguATiLtiYDHr9BOBNYLIaVVhuOmmRRv8Nc5RbR%2FVsJlRYCBpbdvLhhaMVG4%2FdN6UqLOtJC6%2BOJBJ4VQ18KyHsmrI4nIqGjFJomkFGYxj8bPtROvW2YD48ozn1bddfDxwD1oFVmgLQb8Rq5Nk%2FpI07rlaaWzHowFk%2BHzodRFBZe%2F8%2BAvTJgEsm36nGelPKmIivpuSywMDDaeVlsHPsagM7Nb%2BHGvkwiOsQMvJi46Gjf5adhdIqPY6RqwigObj7xVEYC1UZRH7nbinFyVBJ2oTem8ElHjEku1R3YH2B5bGagJ7apGbRrCBrZq01hr3XRPS2r5vakctC1YhSh00T0mfP%2BDeaVxxapb8JpOn08o%2F724RksIT21fHQnY6gCNbTpYIiucqJE8gsQQ9kw3CZb1YAmDz8Aow1L1l0x8oCdYBfJmlspda%2FZ0pPjFFXVmCMNLI5%2B54gPLRA3DAL0%2FxjnCSqhKYpLoD%2BfS%2BN9%2BcfUvELyDW8UdIO7unRfwH%2FJ4ZheLvGcRT3dt95jLud7e60qkoh%2FuPKwExn1rwGCYOTJKMNLr7c4GOpABH50YCrYeZYcnR5arnNBYb25p5SAzHVRcH%2Bd8RoYg3z0A%2FL083aLSBwCp9evtD85Z8w0jcN144vLkIlgK3ZVMyPhKPeZ4a%2FCn4jbCxQ%2BVoRKwSIa7NLE6WgbP4hV5aVtbiO%2FCbFhOrKWiXSNRtvCMN5BHyOkNiFgtBMgf5gvss%2Fl5D6o5a8CTpTU2TBtDFAfd&X-Amz-Signature=b6ffc10453359dc8ac2e60e8bd350d86a87f62cc4169ad0ecf2511feff18fab8&X-Amz-SignedHeaders=host&response-content-disposition=attachment)


4. Click the radio button for the “Re-associate existing ticket” option

 ![](https://brainfish-storage-prod.s3-accelerate.amazonaws.com/uploads/8e42b09c-e27b-4b5a-ba0c-7a5ef138ea38/8ad1bf9c-87f8-44c7-9df4-4d13985c3b05/image.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAUPPN5IL3VTUHI6AG%2F20260412%2Fus-east-2%2Fs3%2Faws4_request&X-Amz-Date=20260412T111522Z&X-Amz-Expires=3000&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEJP%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMiJHMEUCIFEFwroj6wWzNhAfeQfXUey4GubFlAEZZ37ebzapDmKaAiEAxtvW1NtN725W0Q2U%2BH%2BGspggGK5%2FhER%2FWV3%2BpkWfjsEq3QUIXBACGgwzMDgxMjU5NzUyODciDOROQV12BGQ3k%2Bfe%2FCq6BQPA%2FfGrIeC5jNOXSriQyom48XVb%2BD6XfddEpaWyccpgJnxomjDK9XNvebuGN2Tf%2F%2FrZ0FFbDUYvUt1yxv27sHX7xsqVqUhqU1G5U79a7uPrb87YSiIlwIf4oWGc%2FiLOdb1Fv1nOXHcSDCodwepq30pCumZiRvAA4ADnNFzO2x7T%2FBKNysyXyhFJQKHaobUmSSO7ybmxIVaz6WQojt3wiN3YY7grSGs%2Boxp9b0ycQdcfipFisP822Av8DuuoVbFqaJ3Y8RrlIvGMipJGLUOdgKQDgSMGHIPHKNmKZOerkNHGoQxNWpedHq9erKrpDU8O3Ew6%2F43X3%2ByK7zR4nx6WpnIgS5j2L%2BYkntGs0xJWrUDCVvX5iH8c%2FgvU6eq2kguATiLtiYDHr9BOBNYLIaVVhuOmmRRv8Nc5RbR%2FVsJlRYCBpbdvLhhaMVG4%2FdN6UqLOtJC6%2BOJBJ4VQ18KyHsmrI4nIqGjFJomkFGYxj8bPtROvW2YD48ozn1bddfDxwD1oFVmgLQb8Rq5Nk%2FpI07rlaaWzHowFk%2BHzodRFBZe%2F8%2BAvTJgEsm36nGelPKmIivpuSywMDDaeVlsHPsagM7Nb%2BHGvkwiOsQMvJi46Gjf5adhdIqPY6RqwigObj7xVEYC1UZRH7nbinFyVBJ2oTem8ElHjEku1R3YH2B5bGagJ7apGbRrCBrZq01hr3XRPS2r5vakctC1YhSh00T0mfP%2BDeaVxxapb8JpOn08o%2F724RksIT21fHQnY6gCNbTpYIiucqJE8gsQQ9kw3CZb1YAmDz8Aow1L1l0x8oCdYBfJmlspda%2FZ0pPjFFXVmCMNLI5%2B54gPLRA3DAL0%2FxjnCSqhKYpLoD%2BfS%2BN9%2BcfUvELyDW8UdIO7unRfwH%2FJ4ZheLvGcRT3dt95jLud7e60qkoh%2FuPKwExn1rwGCYOTJKMNLr7c4GOpABH50YCrYeZYcnR5arnNBYb25p5SAzHVRcH%2Bd8RoYg3z0A%2FL083aLSBwCp9evtD85Z8w0jcN144vLkIlgK3ZVMyPhKPeZ4a%2FCn4jbCxQ%2BVoRKwSIa7NLE6WgbP4hV5aVtbiO%2FCbFhOrKWiXSNRtvCMN5BHyOkNiFgtBMgf5gvss%2Fl5D6o5a8CTpTU2TBtDFAfd&X-Amz-Signature=f895654787d80214893e98796ade0f4a1097088ea290b34754bbf762ebd5cbd9&X-Amz-SignedHeaders=host&response-content-disposition=attachment)


5. Click save

## **Pentest-specific Configuration**

By following the steps below, you can configure the carry-over finding handling behavior of your integrations for a single pentest.


1. Navigate to the pentest in the Cobalt UI
2. Navigate to the Integrations tab
3. In the “Ticket creation for carry over findings” section, click the radio button for the “Re-associate existing ticket” option
4. Click save

 ![](https://brainfish-storage-prod.s3-accelerate.amazonaws.com/uploads/8e42b09c-e27b-4b5a-ba0c-7a5ef138ea38/6bf90a8a-5e3c-4dfe-a63e-04f2577467c9/image.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAUPPN5IL3VTUHI6AG%2F20260412%2Fus-east-2%2Fs3%2Faws4_request&X-Amz-Date=20260412T111522Z&X-Amz-Expires=3000&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEJP%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMiJHMEUCIFEFwroj6wWzNhAfeQfXUey4GubFlAEZZ37ebzapDmKaAiEAxtvW1NtN725W0Q2U%2BH%2BGspggGK5%2FhER%2FWV3%2BpkWfjsEq3QUIXBACGgwzMDgxMjU5NzUyODciDOROQV12BGQ3k%2Bfe%2FCq6BQPA%2FfGrIeC5jNOXSriQyom48XVb%2BD6XfddEpaWyccpgJnxomjDK9XNvebuGN2Tf%2F%2FrZ0FFbDUYvUt1yxv27sHX7xsqVqUhqU1G5U79a7uPrb87YSiIlwIf4oWGc%2FiLOdb1Fv1nOXHcSDCodwepq30pCumZiRvAA4ADnNFzO2x7T%2FBKNysyXyhFJQKHaobUmSSO7ybmxIVaz6WQojt3wiN3YY7grSGs%2Boxp9b0ycQdcfipFisP822Av8DuuoVbFqaJ3Y8RrlIvGMipJGLUOdgKQDgSMGHIPHKNmKZOerkNHGoQxNWpedHq9erKrpDU8O3Ew6%2F43X3%2ByK7zR4nx6WpnIgS5j2L%2BYkntGs0xJWrUDCVvX5iH8c%2FgvU6eq2kguATiLtiYDHr9BOBNYLIaVVhuOmmRRv8Nc5RbR%2FVsJlRYCBpbdvLhhaMVG4%2FdN6UqLOtJC6%2BOJBJ4VQ18KyHsmrI4nIqGjFJomkFGYxj8bPtROvW2YD48ozn1bddfDxwD1oFVmgLQb8Rq5Nk%2FpI07rlaaWzHowFk%2BHzodRFBZe%2F8%2BAvTJgEsm36nGelPKmIivpuSywMDDaeVlsHPsagM7Nb%2BHGvkwiOsQMvJi46Gjf5adhdIqPY6RqwigObj7xVEYC1UZRH7nbinFyVBJ2oTem8ElHjEku1R3YH2B5bGagJ7apGbRrCBrZq01hr3XRPS2r5vakctC1YhSh00T0mfP%2BDeaVxxapb8JpOn08o%2F724RksIT21fHQnY6gCNbTpYIiucqJE8gsQQ9kw3CZb1YAmDz8Aow1L1l0x8oCdYBfJmlspda%2FZ0pPjFFXVmCMNLI5%2B54gPLRA3DAL0%2FxjnCSqhKYpLoD%2BfS%2BN9%2BcfUvELyDW8UdIO7unRfwH%2FJ4ZheLvGcRT3dt95jLud7e60qkoh%2FuPKwExn1rwGCYOTJKMNLr7c4GOpABH50YCrYeZYcnR5arnNBYb25p5SAzHVRcH%2Bd8RoYg3z0A%2FL083aLSBwCp9evtD85Z8w0jcN144vLkIlgK3ZVMyPhKPeZ4a%2FCn4jbCxQ%2BVoRKwSIa7NLE6WgbP4hV5aVtbiO%2FCbFhOrKWiXSNRtvCMN5BHyOkNiFgtBMgf5gvss%2Fl5D6o5a8CTpTU2TBtDFAfd&X-Amz-Signature=a2281a5cfe51d696831d3c2f077032b7a830f1d7af581a8932200c2a5cb16ee6&X-Amz-SignedHeaders=host&response-content-disposition=attachment)

## **What Does Re-associating the Existing Ticket Do?**

When the carried over finding is moved to the Pending Fix state, the following will happen:


1. The ticket will be unlinked from the original finding
2. The ticket will be linked to the carried over finding

## **Which Integrations Are Supported?**

* Native Jira Cloud integration
* Native Jira Data Center (server) integration
* Integration Builder External Ticket References




Carried Over Findings

Cobalt Integrations Overview

Troubleshooting

HTTP Connector

Import Assets from Google Sheets

Map Cobalt Pentest Finding Severity to Jira Issue Priority

Modify Jira Issue Summary to contain Pentest Title

Create Azure DevOps Work Item for Findings

Send MS Teams notifications for Findings

Create GitLab tickets for Findings

Create Jira tickets for Findings

Send email notifications for Findings from Outlook

Create GitHub tickets for Findings

How to Guides

Connect your applications

Integration Builder

Synchronize Cobalt Severity Levels with Jira

Push Cobalt Findings to Jira

Jira Cloud Integration

Jira Data Center Integration

Troubleshoot Your Jira Integration

Switching to a New Jira Instance

Integrate Jira with Cobalt

Slack

Microsoft Teams

Webhooks

DefectDojo

Kenna Security

Vanta

Create Test Finding

Integrations

How to get started with Cobalt

Getting Started

Risk Advisories

Assets are what we pentest

Asset Types

Create an Asset

Assets

Pentests

Overview

Asset Details

Pentest Details

Scope & Test Period

Preparation

Create a Pentest

Pentest Process

Pentest States

Coverage Checklist

Pentest Expectations

Set Up an In-House Pentest

Complete an In-House Pentest (For Pentesters)

In House Pentests

Severity Levels

Finding States

Remediate Findings

Findings

Customize Your Report

Co-branded Reports

Contents of a Pentest Report

Reports

Engagements Overview

Digital Risk Assessment

Secure Code Review

Engagements

Insights

Planning

Cobalt Methodologies Overview

Web Methodologies

API Methodologies

External Network Methodologies

Internal Network Methodologies

Mobile Methodologies

Cloud Configuration Review Methodologies

Cloud Pentest Methodology

Desktop Methodologies

AI/LLM Methodologies

Digital Risk Assessment Methodology

Secure Code Review Methodologies

Methodologies

Attack Surface Monitoring (ASM)

Attack Surface

DAST Scanner Overview

Best Practices

Partial Scans: Reduced Scope

Scans

Sequence recorder

Targets

Target Authentication

Extra Hosts

Blackout Period

DAST Scanner

Account Overview

Account Settings

Password Best Practices

Sign In to Cobalt

Troubleshoot Sign-in Issues

User Account

Collaboration Overview

Collaborate on Pentests

Groups

Manage Pentest Collaborators

Manage Notifications

User Roles and Permissions

Collaboration

Organization Overview

Manage Users

Your Cobalt Contract

How to Configure SAML 2.0 for Cobalt 

SAML Migration: Update Your Configuration

Configure SAML SSO

SCIM Provisioning Setup Guide

Configure Organization Settings

Organization

Cobalt Credits

Track Your Credits

Cobalt PtaaS Tiers

Credits

Cobalt API Overview

Partner Integrations

API Versions

Events

Errors

Subscription

Introduction

Authentication

EU Data Center

Organizations

Engagement Findings

DAST Targets

DAST Scans

DAST Scheduled Scans

DAST Findings

External Ticket References

Tokens

Pagination

Idempotency

Rate Limits

Create a Personal Cobalt API Token

Changelog

Get an Organization Token

Revoke Your Personal Cobalt API Tokens

Create or Modify an Asset

Import Findings to Google Sheets

Cobalt API

Glossary

March 2026

February 2026

January 2026

November 2025 

August 2025

July 2025

June 2025

May 2025

April 2025

March 2025

January 2025

December 2024

November 2024

October 2024

September 2024

August 2024

July 2024

June 2024

May 2024

April 2024

March 2024

January 2024

What's New

Guide

Cobalt Product Documentation

Carried Over Findings

Share

Share

Carried Over Findings

Share

Share