Support for Attaching Evidence to Findings

The Supporting Artifacts feature lets you attach files or links as evidence to findings. This makes it easier to review or close findings and keep records. You can use this feature from the Findings Listing Page for one or more findings at a time. You can upload several files at once.

This feature is available upon request; contact Qualys support or your Technical Account Manager (TAM) to activate it for your account.

Key Features 

You can use this feature to:

• Justify why you closed findings.
• Attach proof (files or links) to findings.
• Track the history of actions and evidence.
• Store all proof within the platform.
• Consolidate all files and links in one place.

The benefits of Adding Supporting Artifacts are:

• Audit and Compliance

  Creating a clear audit trail by attaching evidence lowers compliance risks and accelerates audits.

• Transparency and Accountability

  Providing verifiable proof supports evidence-based decisions and builds trust and accountability.

• Knowledge Retention

  Keeping records of past decisions and evidence streamlines onboarding and delivers better insights.

• Risk Reduction
  Validating findings prevents mistakes and avoids premature issue closure.

Access Permissions

The Manager user can add, update, or delete supporting evidence, while all other users can view it.

Add Supporting Artifacts

Follow these steps to add supporting artifacts

1. Go to Risk Management > Select the Finding.
   You can add evidence from All, Vulnerabilities, and Misconfigurations tabs.
2. From the Actions menu, click Add Supporting Artifacts.

   Add Supporting Artifacts window is displayed.

   

   You can upload the file or add the link.

3. Upload a File.
   1. Drag and drop your file into the upload area, or
   2. Click Browse and select a file from your device

      
      - Max file size: 5 MB per file
      - Supported formats include:.pdf, .png, .docx, .xml, .doc, .xlsx, .xls, .csv

4. Review the uploaded file.

   The file is displayed under File 1

   You can:
   1. Check the box to select it
   2. Click the trash icon to delete it if needed
5. Select Evidence Category

   1. Click the dropdown under Evidence Category.

   2. Choose the appropriate category (for example, Compensatory Control Evidence)

   3. Add Description
      In the Description field, enter a clear explanation of the artifact

6. (Optional) Add Links Instead of Files

   1. Scroll to  Add Links 

   2. Click + Add Link

   3. Paste a URL if your evidence is hosted externally

7. Click Save to finalize
   Or Cancel if you want to discard changes.

Treat the description like audit evidence context: it should answer what the artifact is, why it matters, and how it supports the control.

Your evidence is reflected in the Supporting Artifact column.

You can update Supporting Artifacts in either of the following ways
- Use the Quick Action menu of the Finding 
- By clicking artifact count or No Artifacts present in the Supporting Artifact column.

Add Supporting Artifacts from Findings Details 

You can view the option to add supporting artifacts on the Findings Details page.

1. Go to Risk Management > Select the Finding from the Vulnerabilities tab.

   (You can add evidence from All, Vulnerabilities, and Misconfigurations tabs .)

2. View the details of the selected findings.
   The highlighted section in Finding Details displays the option to add Supporting Artifacts.

3. Follow the steps 3 mentioned in Add Supporting Artifacts