Configure search lists

Search lists are custom lists of WAS related vulnerabilities that you can apply to an option profile for scanning or to report settings. You can configure both static and dynamic lists and use them to include and/or exclude WAS related vulnerabilities in scans or web application reports.

How to create a search list

Go to Configuration > Search Lists. From the New List menu, choose Static List or Dynamic List. When you choose Static List you'll be prompted to pick the specific WAS QIDs you want to include in the list. When you choose Dynamic List you'll be prompted to choose the criteria that defines the WAS related vulnerabilities you want to include. We'll find matching QIDs for you.

Dynamic search list | Static search list

How do I use search lists

You can use search lists to limit a vulnerability scan to only a select list of QIDs or to scan only for vulnerabilities of a particular type or severity range. You can also use search lists to exclude vulnerabilities from scans. Simply add your search lists to the option profile you want to use for the scan.

Can I copy QIDs from a search list?

Yes, you can copy QIDs from a search list. To copy the QIDs from the search list, select a search list, and click View from the Quick Action menu. In the Search List View screen, go to the QIDs list tab, and click Copy All QIDs.

Can I create a custom search list for core QIDs?

You can view the core QIDs and customize the Core detection scope from the search list. We provide a static search list for core QIDs with the name “Core QIDs”. This is a default search list created by the system. The search list is synched with the core QIDs of the core category to keep the QIDs in the search list updated. As the search list is system created, you cannot edit but only view the QIDs in the search list.

While viewing the QIDs, you can copy the core QIDs from the Core QID search list using the Copy All QIDs button. When you click Copy All QIDs button, we copy all the QIDs into the clipboard. Next, paste the QIDs into a text file, add or remove QIDs from the list as desired, and then create a new search list with these QIDs.

I already have a search list. How do I edit it?

Go to Configuration > Search Lists. Hover over the search list, choose Edit from the Actions menu and use the wizard to edit the settings. Tip - Turn on help tips in the wizard title bar to view online help when you hover over the settings.

Who can create search lists?

User roles and permissions determine whether users have WAS Configuration Permissions; there are individual permissions for creating, editing and deleting search lists and the other WAS configurations. Learn more

Why should I apply tags to a search list?

By applying tags to a search list you enable users to access the list. Any user with a matching tag in their scope will have access to your search list.

Want to define tags? It's easy - just go to the CyberSecurity Asset Management (CSAM) application.

Tell me about the preview pane

The preview pane appears under the list when you click anywhere in a search list row. The preview displays the number of option profiles using the search list, the name of the user who last updated the search list, the date and time of the update and the last comment added.

Preview pane displaying various details of the selected search list.