Search lists are custom lists of WAS related vulnerabilities that you can apply to an option profile for scanning or to report settings. You can configure both static and dynamic lists and use them to include and/or exclude WAS related vulnerabilities in scans or web application reports.
Go to Configuration > Search Lists. From the New List menu, choose Static List or Dynamic List. When you choose Static List you'll be prompted to pick the specific WAS QIDs you want to include in the list. When you choose Dynamic List you'll be prompted to choose the criteria that defines the WAS related vulnerabilities you want to include. We'll find matching QIDs for you.
Dynamic search list | Static search list
You can use search lists to limit a vulnerability scan to only a select list of QIDs or to scan only for vulnerabilities of a particular type or severity range. You can also use search lists to exclude vulnerabilities from scans. Simply add your search lists to the option profile you want to use for the scan.
Yes, you can copy QIDs from a search list. To copy the QIDs from the search list, select a search list, and click View from the Quick Action menu. In the Search List View screen, go to the QIDs list tab, and click Copy All QIDs.
You can view the core QIDs and customize the Core detection scope from the search list. We provide a static search list for core QIDs with the name “Core QIDs”. This is a default search list created by the system. The search list is synched with the core QIDs of the core category to keep the QIDs in the search list updated. As the search list is system created, you cannot edit but only view the QIDs in the search list.
While viewing the QIDs, you can copy the core QIDs from the Core QID search list using the Copy All QIDs button. When you click Copy All QIDs button, we copy all the QIDs into the clipboard. Next, paste the QIDs into a text file, add or remove QIDs from the list as desired, and then create a new search list with these QIDs.
Go to Configuration > Search Lists. Hover over the search list, choose Edit from the Actions menu and use the wizard to edit the settings. Tip - Turn on help tips in the wizard title bar to view online help when you hover over the settings.
User roles and permissions determine whether users have WAS Configuration Permissions; there are individual permissions for creating, editing and deleting search lists and the other WAS configurations. Learn more
By applying tags to a search list you enable users to access the list. Any user with a matching tag in their scope will have access to your search list.
Want to define tags? It's easy - just go to the Asset Management (AM) application.
The preview pane appears under the list when you click anywhere in a search list row. The preview displays the number of option profiles using the search list, the name of the user who last updated the search list, the date and time of the update and the last comment added.