Manage your reports
|
Can we compare the results of findings between scan reports? |
How do I create a report?
Go to Reports and select New Report. Tell us which report you want to create and then identify the target of the report. We recommend you schedule reports (daily, weekly or monthly) to get fresh reports showing your current security status. It just takes a minute - go to Reports > Schedules and select New Schedule.
Who can create reports?
User roles and permissions determine whether users have WAS Reporting Permissions; these permissions include Create Report, Edit Report and Delete Report. To see a user's assigned user roles and scope, go to the Administration utility. You’ll see this option on the application picker. Learn more
How do I edit report settings?
Click the Edit Report button in the top right corner of the report. Use the wizard to change settings like the name, the report target, set filters and choose content. Once you click Save we'll create the report again with the new settings. (Tip - Turn on help tips in the title bar of the Report Edit window to view online help for each filter setting.)
How do I see the detection results?
The Results section shows you the vulnerability detection results in these categories: vulnerabilities, information gathered and sensitive content, if any. Click a vulnerability instance to display the detection details.
Want to remove certain detections from reports?
It's easy to remove certain detections from web application or scan reports using the ignore option. You'll select detections and mark them as false positive, not applicable or risk accepted. You can do this within a web application report/scan report or from the detections list. Learn more
Want to include ignored detections in reports?
It's easy to include ignored detections from web application or scan reports using the remediation filters. You can configure the filter in the report template or edit the web application report/scan report. Once you opt to include ignored findings in the report, you can further choose types of ignored findings:false positive, not applicable or risk accepted to be included in the report.
Can I schedule reactivation of a detection?Can I schedule reactivation of a detection?
Yes. Simply select Ignore from the Quick Actions menu and then select the Reactivate finding checkbox. Specify the number of days or a date after which the detection should reactivated again. Show meShow me
Want to include customized footer in your report?
It's easy to include customized footer. Define the customized footer text in the report template and it will be displayed in the WAS reports: Web application report and scan report (HTML and PDF formats). You can use the report template when you generate the report to view the custom footer. Show meShow me
View, filter and repeat
Your web application report is interactive. You can edit the settings and filter the content to focus on the information that's currently most important.
- Click Edit Report in the header section and use the wizard to rename the report and apply content filters.
- Click Save and we'll re-run the report with your changes.
- Click the "New window" link in the report header to move the report to a new browser window. This makes side-by-side comparisons easy. It also increases the number of reports you can have open at one time.
How do I save and download reports?
Each report you create opens on its own tab in the Report Management window. You can download your open reports in multiple formats, and those reports are also saved to the reports list to be viewed and downloaded by authorized users.
Save and download an interactive reportSave and download an interactive report
Say you have a live report that you want to download to your local file system. Click Download in the report header and select a format. You have the option to apply tags to your report. Your report will be downloaded and a copy will be saved in the reports list.
By downloading search results to your local system you can easily manage incidents or events outside of the Qualys platform and share them with other users. You can export results in multiple formats (ZIP, HTML, PDF, PPT, XML, CSV, CSV V2).
The CSV V2 report format is applicable for Web application report and Scan report. The CSV_V2 report format provides you information about 12 new fields in addition to all the fields that exist in CSV format. ExampleExample
Download a report from the Report ListDownload a report from the Report List
To download a report from the report list, go to Reports > Report List. Hover over a report, select Download from the Quick Actions menu.
Easy way to download datalists as reportsEasy way to download datalists as reports
It's easy to download datalists as reports. You can get important WAS data and configurations (web applications, scans, option profiles, etc) and share this with other users as needed. Learn more
Your report will be saved in 2 places: 1) your report list, and 2) your local file system. Your report will be removed from the report list in 7 days (when it expires).
How many reports can I save in the reports list?
The user storage limit setting determines the maximum amount of WAS report data each user can save on our Cloud Platform. Did you see an error message when saving a report? We recommend you delete some existing reports and try again. Learn more
How many web applications can I include in a report?
Report creation may sometimes fail if the report is created for large number of web applications. To avoid such failures, we have categorized report creation as per the number of web applications being included in the report. The categorization is as follows:
|
Number of Web Applications |
Online Report |
Download Report |
|
Less than or equal to 100 |
Yes |
Yes |
|
101 to 500 |
No |
Yes |
|
More than 500 |
No |
No |
For web applications less than or equal to 100, you can view the report on the UI as well as download it. For web applications in the range of 101 to 500, the report is not available online on UI but can be directly downloaded. But if the number of web applications exceeds 500, report cannot be generated and error message is displayed in such cases.
Can I open the report in a new window?
Yes, just click this icon 
in the report header to move the report to a new window of your browser. Moving reports to separate browser windows enables you to do side-by-side comparisons. It also increases the number of reports you can have open at one time. All the interactive features of your report are available in the new browser window.
How can I reproduce QID 150022 Verbose Error Message?
There are multiple way to reproduce QID 150022. You could either use WAS Burp extension or use information provided in web application scan report.
In general, one of the easiest ways to reproduce a finding (including QID 150022) is by using the Qualys WAS Burp extension. With this you can import the exact request sent by WAS into Burp Repeater. Then you can manually test in real time (assuming you have access to the target web application or API) by sending the request and seeing the response.
Alternatively, you can try to reproduce to QID 150022 ("Verbose Error Message") using the information provided in the report details. We'll focus on two injection points: the Query-String and Form Inputs. Click here to learn more.
Why should I add tags to a report?
Tagging is a way of organizing reports, web applications and other configurations. When you download a report involving a tagged web application, you'll notice we suggest adding the web application's tags to the report. Tags are one of the many options we provide for filtering the report list. Tags also enable other users to access to your reports. Users whose scopes have tags in common with your reports can access those reports.
OWASP Top 10
The OWASP Top 10 is one of the most common ways to categorize web application risks and vulnerabilities. The vulnerability detection in Qualys Web Application Scanning (WAS) are mapped to the 2017 edition of the OWASP Top 10.
The reports (web application, scan and scorecard) provide a graph listing the OWASP top 10 vulnerabilities. The Vulnerability Details in the report also provides a clickable link with OWASP details. You can click the link and view the further details about the vulnerability.
Can I export detection details?
Yes, you can export the payload response to your local file system in HTML. Just click the Export icon in the Payloads section.
Tell me about the preview pane
The preview pane appears under the reports list when you click anywhere in a report row. The report preview shows the title and type, the user who generated the report, the report status and report size in megabytes. Hover over the size to see the actual size in bytes. Click the Actions menu to take actions on the report. To download the report, click Download. You'll notice the Downloads field tells you the number of times the report has been downloaded by users in the subscription.
Tell me about security risk
The security risk rating (high, medium, low) reflects the maximum severity level of all vulnerabilities included in the report. Ignored vulnerabilities are not included.
|
|
At least one non-fixed vulnerability with severity level 4 or 5 is included in the report. |
|
|
At least one non-fixed vulnerability with severity level 3 is included in the report, and no vulnerabilities with severity level 4 or 5 are included in the report. |
|
|
At least one non-fixed vulnerability with severity level 1 or 2 is included in the report, and no vulnerabilities with severity level 3, 4 or 5 are included in the report. |
Tell me about vulnerability status
You'll see the status of detected vulnerabilities in the Results section of Web Application Reports and Scan Reports. We continuously update the status of detected vulnerabilities in your account, based on the most recent scan results.
Each vulnerability instance is assigned a status - New, Active, Fixed or Reopened.
What does the status mean?What does the status mean?
You'll see the status of detected vulnerabilities in the Results section of Web Application Reports and Scan Reports. We continuously update the status of detected vulnerabilities in your account, based on the most recent scan results. Each vulnerability instance is assigned one of these status settings.
New - The first time a vulnerability is detected by a scan the status is set to New.
Active - A vulnerability detected by two or more scans is set to Active.
Fixed - A vulnerability was verified by the most recent scan as fixed, and this vulnerability was detected by the previous scan.
Reopened - A vulnerability was reopened by the most recent scan, and this vulnerability was verified as fixed by the previous scan. The next time the vulnerability is detected by a scan, the status is set to Active.
Protected - A vulnerability that is blocked for an application protected by WAF.
Can we compare the results of findings between scan reports?
A comparative analysis of changes in scan results between incremental scan reports are also displayed in the Information Gathered details. When you expand the Results section you can see the changes from previous scans highlighted in multiple colors. Disable the Highlight changes from the previous scan option to hide the comparative analysis. By default this option is enabled.
Setting a default report format
It's easy to set a default format for downloading reports. Just edit your profile settings - select My Profile under your user name (in the top right corner).
Get visibility on WAF-blocked vulnerabilities
In your scan settings enable the ScanTrust option to allow Qualys scanners to scan through the WAF and enhance assessment and reporting. Learn more
Tell me about Vulnerability Details in Reports
We provide you with complete and raw HTTP request for detections. The reports downloaded in PDF and HTML format also display complete and raw HTTP request for detections (except for Information Gathered (IG) vulnerabilities).
The WAS reports in PDF or HTML format displayed link, method, POST data, headers and snippets of the response body. The downloaded reports (PDF and HTML) also display full request headers and full request body for vulnerabilities. The complete requests and responses will help you to reproduce or validate the issue. Show meShow me
Sample HTML report
Sample PDF report
