Detections FAQs

Tell me about detections

Detections tell you about security findings discovered by our cloud security service. These are based on your most recent scans. To review your current detections, go to Detections > Detections. You can sort detections by web application or filter the list in numerous ways: by tags, scan date, severity and more.

Tell me about status

Diagram: the various states of a vulnerability and the flow among them.

New - The first time a vulnerability is detected by a scan the status is set to New.

Active - A vulnerability detected by two or more scans is set to Active.

Fixed - A vulnerability was verified by the most recent scan as fixed, and this vulnerability was detected by the previous scan.

Reopened - A vulnerability was reopened by the most recent scan, and this vulnerability was verified as fixed by the previous scan. The next time the vulnerability is detected by a scan, the status is set to Active.

Protected - A vulnerability that is blocked for an application protected by WAF.

Retesting - A vulnerability that is being retested.

Tell me about groups

The groups column identifies the group each detection belongs to.

For vulnerability detections, XSS appears for cross-site scripting vulnerabilities, SQL for SQL injection vulnerabilities, INFO for information vulnerabilities and PATH for path-based vulnerabilities.

For sensitive content detections, CC appears for credit card number detections, SSN for social security number (US only) detections, and CUSTOM for custom (user-defined) sensitive content detections.

For information gathered detections, IG_DIAG appears for diagnostic IG (general information about the scan) and IG_WEAK for weakness IG (issues that are security weaknesses or conflict with best practices).

Tell me about the filters

We have filters to enhance the search and quickly locate the detection type. In addition to the detections search tokens, we provide ready-to-use, token-based filters in the left pane. We provide filters to find detections by source, by status, and by confirmed and potential vulnerabilities. Additionally, you can speed up your search by directly using search tokens for QID or finding ID.

You can distinguish the finding type with the icon displayed in the list.

- Qualys detections

- Burp detections

- Bugcrowd detections

Does the status of the detection change when it isn't found during a scan?

By default, the status of a detection won't be changed when the vulnerable URL of the detection isn't found anymore during a scan. There exists a per-customer configuration option to have this behavior changed. You need to send a request to your TAM or Qualys Support if you want to have this feature for your subscription. After the setting is enabled for your subscription, the detection status will be changed to "Fixed" when the vulnerable URL is not found in the scan.
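The status definitions under "Tell me about status" and the URL-not-found behavior described above can be read as a small state machine. The sketch below is an added example, not Qualys code: the outcome names, function names and the `fix_on_missing_url` flag are assumptions, and the Protected and Retesting states are left out because they depend on WAF and retest actions rather than on scan results.

```python
from enum import Enum


class Status(Enum):
    NEW = "New"
    ACTIVE = "Active"
    FIXED = "Fixed"
    REOPENED = "Reopened"


# Per-scan outcomes for one finding. These names are assumptions of this
# sketch, not values taken from the product.
DETECTED = "detected"
VERIFIED_FIXED = "verified_fixed"
URL_NOT_FOUND = "url_not_found"


def next_status(current, outcome, fix_on_missing_url=False):
    """Status after one scan; current is None if the finding was never seen."""
    if outcome not in (DETECTED, VERIFIED_FIXED, URL_NOT_FOUND):
        raise ValueError(f"unknown scan outcome: {outcome!r}")
    if current is None:
        # Assumption: a detection only exists once a scan has found the issue.
        return Status.NEW if outcome == DETECTED else None
    if outcome == URL_NOT_FOUND:
        # Default: status unchanged. With the per-subscription option: Fixed.
        return Status.FIXED if fix_on_missing_url else current
    if outcome == VERIFIED_FIXED:
        return Status.FIXED
    # Detected right after Fixed means Reopened; any other repeat is Active.
    return Status.REOPENED if current is Status.FIXED else Status.ACTIVE


def replay(outcomes, fix_on_missing_url=False):
    """Return the status after each scan in a chronological outcome list."""
    status, history = None, []
    for outcome in outcomes:
        status = next_status(status, outcome, fix_on_missing_url)
        history.append(status)
    return history


if __name__ == "__main__":
    # Constructed scan history for one finding, oldest scan first.
    scans = [DETECTED, DETECTED, URL_NOT_FOUND,
             DETECTED, VERIFIED_FIXED, DETECTED]
    for flag in (False, True):
        print(flag, [s.value for s in replay(scans, flag)])
```

With the option off, the scan that no longer finds the URL leaves the finding Active; with it on, the same scan marks it Fixed and the next detection shows as Reopened.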

Can I export detection details?

Yes, you can export detection details to your local file system in HTML format. In the Payload Details window, scroll down to go to the Response section. Click the three vertical dots displayed at the right side and then click Export.

Export option in the payload response window.