Manage detections

Manage all your detections in one place.  The detections tab acts as a central area for application security vulnerability detections, management and information. We list all your findings (Qualys, Burp, and Bugcrowd) in the Detections tab.

Tell me about detections

Tell me about severity levels

Reconfirm vulnerability findings

Customize severity levels

How do I view detection details?

Can I export detection details?

Want to remove certain detections from your reports?

Tell me about the preview pane

Tell me about status

Tell me about virtual patches

Tell me about groups

Tell me about findings related permissions

Tell me about filters

Retest mutiple findings

Tell me about external references

 


Tell me about detections

Detections tell you about security findings discovered by our cloud security service. These are based on your most recent scans. To review your current detections, go to Detections > Detection List. You can sort detections by web application or filter the list numerous ways - by tags, scan date, severity and more.

Can I reconfirm vulnerability findings without launching a full scan?

Yes, you can easily retest the findings for individual vulnerabilities by launching a scan to test the selected finding. Only potential vulnerabilities, confirmed vulnerabilities and sensitive contents are available for retest.

In the Detections tab, just navigate to the vulnerability you want to retest and click Retest from the Quick Actions menu. Once the retest is finished the updated details are displayed for that vulnerability. Look here

If the URL of your web application changes, it is recommended to create a new web application with the new URL and execute a scan to know the detections rather than conducting a retest. However, if you need to retain the web application and update the URL, then it is recommended that you purge all detections on the web application and run a scan before you proceed for the retest.

Can I retest multiple vulnerability findings without launching a full scan?

Yes, you can easily retest the findings for vulnerabilities by launching a scan to test the selected multiple findings. Only potential vulnerabilities, confirmed vulnerabilities and sensitive contents are available for retest. You can club the multiple findings that belong to the same QID and web application and launch a retest in a single batch. The retest scan uses same settings used in the latest scan. If you cancel the retest for any of the findings, the retest scan is cancelled for the entire batch of findings.

Go to Detections > Detections List. You can use filters in the left-pane to view all findings of same QID and web application. Select the findings to be retested. From the Actions menu, select Retest. Once you confirm, the retest scan would be launched on all the selected findings at one go. Show me

How do I view detection details?

Double click a detection row, or hover over the row and choose View from the menu. Learn more

Want to remove certain detections from your reports?

You can do this by marking those detections as ignored. Hover over the detection row (vulnerability or sensitive content) and choose Ignore from the menu. When you ignore a detection, you'll be prompted to give a reason - false positive, acceptable risk or not applicable. The status label is grayed out in the list and, by default, the detection will not appear in future reports on the same web application. Learn more

Want to reactivate an ignored detection? Just choose Activate from the Quick Actions menu.

Can I schedule reactivation of a detection?

Tell me about status

Want to see the flow? Look here

New - The first time a vulnerability is detected by a scan the status is set to New.

Active - A vulnerability detected by two or more scans is set to Active.

Fixed - A vulnerability was verified by the most recent scan as fixed, and this vulnerability was detected by the previous scan.

Reopened - A vulnerability was reopened by the most recent scan, and this vulnerability was verified as fixed by the previous scan. The next time the vulnerability is detected by a scan, the status is set to Active.

Protected - A vulnerability that is blocked for an application protected by WAF.

Retesting - A vulnerability that is being retested.

Tell me about groups

The groups column identifies the group each detection belongs to.

For vulnerability detections, XSS appears for cross-site scripting vulnerabilities, SQL for SQL injection vulnerabilities, INFO for information vulnerabilities and PATH for path-based vulnerabilities.

For sensitive content detections, CC appears for credit card number detections, SSN for social security number (US only) detections, CUSTOM for custom (user-defined) sensitive content detections.

For information gathered, IG_DIAG for diagnostic IG (general information about the scan), IG_WEAK for weakness IG (issues that are security weakness or conflict with best practices) detections.

Tell me about severity levels

Each detection is assigned a severity level that tells you the security risk associated with its exploitation. Learn more

Can I customize the severity levels?

Yes, you can easily customize the severity of findings (vulnerability/sensitive content/information gathered) reported in your web applications. Learn more

Can I export detection details?

Yes, you can export detection details to your local file system in HTML format. Just click the Export icon in the payload response section. Show me

Tell me about the preview pane

The preview pane appears below the list when you click in a detection row. The preview displays the QID and severity level of the vulnerability along with detection details. Show me

Tell me about virtual patches

Do you have WAF in your account? If yes, you can use WAF to protect against vulnerabilities by installing virtual patches. Go to WAS > Web Applications > Detections. Identify the detection you want to patch (vulnerability or sensitive content) and choose Install Patch from the Quick Actions menu. Review the patch details and feel free to update or remove rule conditions. Then click OK. We'll add a virtual patch rule to your firewall.

Want to remove a patch?

Don't see this option?

Tell me about remediation permissions

Manager users have full rights to manage remediation tasks. For other users their assigned roles and permissions determine whether they have WAS Remediation Permissions (i.e. ignore findings, retest vulnerabilities and sensitive content, update findings). To see a user's assigned roles, go to the Administration utility (select from the application picker) and view/edit the user of interest. Learn more

Tell me about the filters

We have filters to enhance the search and quickly locate the detection type.  In addition to the common filters, depending on your finding type, more filters specific to each finding type are displayed. For example, if you choose Finding Type as Burp, then filters that are applicable for Burp related findings are enabled and the other non-applicable filters are disabled.

You can distinguish the finding type with the icon displayed in the list.

- Qualys detections

 - Burp detections

- Bugcrowd detections

Additionally, you can fasten your search, by directly using filters for QID or finding ID.

Tell me about the external references

We have now made external references for QID available to all by default. You could add any external references such as IDs, comments or any other reference you want to associate with the QID. You can now add and view external references that are added to a QID or search for QIDs with specific external references.

Add External References

Go to Detections > Detection List, pick the QID you would want to add external references to and then select External References from the quick action menu. Type the content you want to add in New Reference and then click OK. You could add upto maximum 10 references for a QID. Use Delete link to remove the reference associated with the QID. Show me

View External References

To view the references associated with a QID, go to Detections > Detection List, pick the QID and then select view from the quick actions menu. The QID details now lists the external references associated with the QID. If there are multiple references, click more link to view all the references. Show me

Search External References

We have also added a new filter to ease your search for a QID using the external references you add to a QID. Show me