A parent ticket (Vulnerable Web App) is created for every vulnerable web app and synced by the WAS Finding API. A child ticket (Vulnerable QID) is then created for each unique combination of QID and Finding ID.
If all the Vulnerable QID tickets under a Vulnerable Web App ticket are unlinked and there no other linked tickets, then the Vulnerable Web App tickets are closed.
Vulnerable Web App:
The table below lists the custom fields you can add for ticketing scheme 3. Refer to Creating Custom Fields to start adding the custom fields to your ticketing scheme.
Issue Type |
Field Name |
Field Type |
Searchable |
---|---|---|---|
Vulnerable Web App |
Web App ID |
Number |
Yes |
Web App Name |
Text single line |
Yes |
|
Web App URL |
Text single line |
Yes |
|
Primary key |
Text - Read-only |
Yes |
|
Vulnerable QID
|
Finding Source |
Text single line |
Yes |
Severity |
Number
|
Yes |
|
Type |
Text single line |
Yes |
|
QID |
Number
|
Yes |
|
Detection type |
Text single line |
Yes
|
|
OWASP |
Text single line |
Yes |
|
CWE |
Text single line |
Yes |
|
First detected |
Text single line |
Yes |
|
Last detected |
Text single line |
Yes |
|
Times detected |
Text single line |
Yes |
|
Web App ID |
Number
|
Yes |
|
Finding ID |
Number |
Yes
|
|
CVSS V3 Attack Vector |
Text single line
|
Yes |
|
CVSS V3 Temporal |
Number |
Yes |
|
CVSS V3 Base |
Number |
Yes |
|
CVSS Base |
Number |
Yes |
|
CVSS Temporal |
Number |
Yes |
|
Unique ID |
Text-single line |
Yes |
|
Primary key |
Text - Read-only |
Yes |
|
Threat |
Text Field-multi line |
Yes |
|
Impact |
Text Field-multi line |
Yes |
|
Solution |
Text Field-multi line |
Yes |
As of now WAS module does not support customizing the template with additional Qualys WAS fields