Tell me about the KnowledgeBase

Our KnowledgeBase contains QIDs detected by the Web Malware Detection Service. Each QID is assigned a severity level (High, Medium, Low or Info). Click "Show Filters" to the right above the list to filter the list by severity level.

Tell me about severity levels

Different actions for vulnerabilitiesDifferent actions for vulnerabilities

You can perform the various actions such as edit severity, restore severity, ignore or activate an ignored vulnerability in your KnowledgeBase.

Permissions NeededPermissions Needed: You need to assign the permission named “Update Knowledgebase” in Malware Remediation Permissions for a user to be able to perform the new  actions that are introduced for vulnerabilities. Show meShow me

Permission required to be enabled for the user.

 

By default, this permission is assigned only to Manager user. If you want other users to be able to perform the actions, you need to explicitly assign Update KnowledgeBase permission to the user.

If the required permissions are assigned, you can:

-Edit the severity Edit the severity

Go to Knowledgebase, select the QID of the vulnerability and then select Edit Severity from the Actions menu. Slide the slider for Custom Level to the level you want to assign to the selected QID. Add a comment to indicate the change or reason for the change and then click Save.

Slide the slider to change the severity of the selected vulnerability and provide a comment for the same.

-Restore severityRestore severity

If you have changed the severity of a QID and want to revert it to the Qualys defined severity, select the QID, and select Restore Severity from the Actions menu.

A message is displayed asking confirmation for restoring severity of the QID. Once you confirm, the severity of the QID is restored to the Qualys defined severity.

Quick Action menu to choose Restore Severity for a vulnerability.

-Ignore a vulnerabilityIgnore a vulnerability

You can ignore vulnerabilities so they don't appear as actionable issues in the detections list. Go to Knowledgebase, select the QID and select Ignore from the Actions menu. When you ignore a detection, you'll be prompted to give a reason - false positive, acceptable risk or not applicable. Choose the appropriate reason and click Save. The ignored detection's status label is grayed out in the report and in the Detections list. By default, the detection will not appear in future reports on the same site or scan, until it is reactivated.

Choose the reason to mark a vulnerability to be ignored.

-Activate a vulnerabilityActivate a vulnerability

If you have marked the vulnerability as Ignore and now want to activate the vulnerability, select the QID, and select Activity from the Actions menu.

Quick action menu to choose Activate for a vulnerability.

A message is displayed asking confirmation for activating the QID. Once you confirm, the QID is not ignored.