How do I remove detections from my reports?

It's easy to remove certain detections from reports using the ignore option. You'll select detections and mark them as false positive, not applicable or risk accepted. You can do this from the detections list or within a web application report or scan report.

WAS user roles and permissions determine whether users have permission to ignore detections. To ignore detections, the WAS remediation permission "Ignore findings" must be granted to the user's role.

What are the steps?

It's easy to remove detections from reports. You can do this from the detections list or within a web application or scan report:

1) Display the detection details.

- From the Detections list - Hover over the vulnerability or sensitive content and select View from the Quick Actions menu.

Detection list with quick action menu and preview pane.

- Within a web application report or scan report - Scroll to the Results section and click the vulnerability or sensitive content instance you want to ignore.

Vulnerabilities in Results section of the web application report.

2) In the Details window, click the "Ignore" link beside the status in the upper right corner.

Ingore link in the Vulnerability Details window.

3) Select a reason (False Positive, Risk Accepted or Not Applicable) and enter a comment to support your reason.

Ignore Findings window with various options in the Reason drop-down menu to ignore a finding.

4) Click OK.

What happens next?

The ignored detection's status label is grayed out in the current report and in the Detections list.

 

By default, the detection will not appear in future reports on the same web application or scan.

Still have questions?

How do I display ignored detections in reports?

Create a web application  report or scan report, click Edit in the report header, go to Filters, scroll to Remediation Filters and select one of the include options.

How do I reactivate an ignored detection?

Go to the Details of the vulnerability or sensitive content and click the "Reactivate" link. The detection will no longer be ignored in reports on that web application, and the status will no longer be grayed out in the Detections list.

How to schedule reactivation of an ignored detection?

Go to Detections > Detections List and select Ignore from the quick action menu (for multiple detections, select Ignore from the Actions menu). Once you select the reason for ignoring the finding, you can then select the Reactivate finding checkbox and then specify the number of days or a date after which the detection should reactivated again. Show me

What happens to ignored detections if I purge a web application?

Purging removes all scan data, including all ignored detections for the web application. Once purged, the next time the web application is scanned all detections are set to the status "New".