Activate Findings
Click to view navigation pane


Activate Findings

[POST] /qps/rest/3.0/activate/was/finding

Activate ignored findings for a web application that is in the user’s scope.

Permissions required - User must have WAS module enabled. User account must have these permissions: Access Permission “API Access” and "Ignore Vulnerabilities" permission. The output includes findings for web applications in the user's scope.

Input ParametersInput Parameters

These elements are optional and act as filters. When multiple elements are specified, parameters are combined using a logical AND.

Click here for available operators

Parameter

Mandatory

/Optional

Data Type

Description

id

Optional

 integer

ID of the finding (WebAppVuln, WebAppIg, or WebAppSensitiveContent).

uniqueId

Optional

 value

The 36-bit unique id assigned to the finding.

For example:   

<Finding>
   <id>132990</id>
   <uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
    <qid>150004</qid>
...

qid

Optional

 integer

Qualys ID assigned to the detection.

name

Optional

text

Name of the detection finding.

type

Optional

 keyword

Type of the finding: VULNERABILITY, SENSITIVE_CONTENT, or INFORMATION_GATHERED.

url

Optional

 text

URL of the web application on which the finding was detected.

webApp.tags.id

Optional

 date

ID of the tag associated with the web application on which the finding was detected.

webApp.tags.name

Optional

 text

Name of the tag associated with the web application on which the finding was detected.

status

Optional

 keyword

Status of the finding: NEW, ACTIVE, REOPENED, PROTECTED and FIXED.

patch

Optional

 integer-long

Use WAF to protect against vulnerabilities by installing virtual patches.

webApp.id

Optional

 integer

ID of the web application on which the finding was detected.

webApp.name

Optional

 text

Name of the web application on which the finding was detected.

severity

Optional

 integer

Severity of the finding.

externalRef

Optional

 string

Tip - Use operator IS EMPTY for findings with empty external references.

ignoredDate

Optional

 date

The date on which the finding was marked to ignore.

ignoredReason

Optional

 keyword

The reason for which the finding is ignored: FALSE_POSITIVE, RISK_ACCEPTED or NOT_APPLICABLE

group

Optional

 keyword

XSS, SQL, INFO, PATH, CC, SSN_US or CUSTOM

owasp.name

Optional

 text

Name of the OWASP vulnerability.

owasp.code

Optional

 integer

Code associated with the OWASP vulnerability

wasc.name

Optional

 text

Name of the vulnerability.

wasc.code

Optional

 integer

Code of the vulnerability.

cwe.id

Optional

 integer

ID associated with CWE.

firstDetectedDate

Optional

 date

The date when the finding was first detected in the web application,

lastDetectedDate

Optional

 date

The date when the finding was last detected in the web application.

lastTestedDate

Optional

 date

The date when the finding was last tested in the web application.

timesDetected

Optional

 integer

The count indicates the number of times the finding was detected.

severity level

Optional

 integer

The severity associated with the finding:1,2,3,4,5

Sample - Activate all ignored findingsSample - Activate all ignored findings

API request

curl -n -u "USERNAME:PASSWORD" "<qualys_base_url>/qps/rest/3.0/activate/was/finding"

XML response

<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/finding.xsd">
    <responseCode>SUCCESS</responseCode>
    <count>3</count>
    <data>
        <Finding>
            <id>1613225669</id>
            <uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
        </Finding>
        <Finding>
            <id>1613255669</id>
            <uniqueId>9a2c4d41-6d21-2b92-e054-3943720a65ab</uniqueId>
        </Finding>
        <Finding>
            <id>1645195669</id>
            <uniqueId>7a2c4d31-5d28-2b92-e055-4943720a51ab</uniqueId>
        </Finding>
    </data>
</ServiceResponse>

Sample - Activate specific findingSample - Activate specific finding

API request

curl -n -u "USERNAME:PASSWORD" "<qualys_base_url>/qps/rest/3.0/activate/was/finding/1613255669"

XML response

<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/finding.xsd">
    <responseCode>SUCCESS</responseCode>
    <count>1</count>
    <data>
        <Finding>
            <id>1613255669</id>
            <uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
        </Finding>
    </data>
</ServiceResponse>
 

Sample - Activate a finding using uniqueIdSample - Activate a finding using uniqueId

API request

curl -n -u "USERNAME:PASSWORD" "<qualys_base_url>/qps/rest/3.0/activate/was/finding/1613255669"

XML response

<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/finding.xsd">
    <responseCode>SUCCESS</responseCode>
    <count>1</count>
    <data>
        <Finding>
            <id>1613255669</id>
            <uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
        </Finding>
    </data>
</ServiceResponse>

XSD

<platform API server>/qps/xsd/3.0/was/finding.xsd