Edit the severity level of the given findings.
Permissions required - User must have WAS module enabled. User account must have these permissions: Access Permission “API Access” and "Ignore Vulnerabilities" permission. User must have access to web application which belongs to given WebAppVuln id. The output includes findings for web applications in the user's scope.
These elements are optional and act as filters. When multiple elements are specified, parameters are combined using a logical AND.
Click here for available operators
Parameter |
Mandatory /Optional |
Data Type |
Description |
---|---|---|---|
id |
Optional |
integer |
ID of the finding (WebAppVuln, WebAppIg, or WebAppSensitiveContent). |
uniqueId |
Optional |
value |
The 36-bit unique id assigned to the finding. For example: <Finding> |
new severity level |
Optional |
integer |
{1,2,3,4,5} |
comments |
Optional |
text |
User comments. |
Edit severity for single finding.
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @-
"<qualys_base_url>/qps/rest/3.0/editSeverity/was/finding/" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<ServiceRequest>
<data>
<Finding>
<id>647</id>
<severityComment>Test comment API</severityComment>
<severity>2</severity>
</Finding>
</data>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/finding.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<Finding>
<id>647</id>
<uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
</Finding>
</data>
</ServiceResponse>
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "<qualys_base_url>/qps/rest/3.0/editSeverity/was/finding/" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<ServiceRequest>
<data>
<Finding>
<severityComment>test comment api</severityComment>
<severity>2</severity>
</Finding>
</data>
<filters>
<Criteria field="id" operator="IN">183, 645</Criteria>
</filters>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">
<responseCode>SUCCESS</responseCode>
<count>2</count>
<data>
<Finding>
<id>645</id>
<uniqueId>6a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
</Finding>
<Finding>
<id>183</id>
<uniqueId>5a2c4d31-5d28-2b92-e055-4943720a51ab</uniqueId>
</Finding>
</data>
</ServiceResponse>
As every uniqueId is unique, using uniqueId, you could edit the severity of a finding.
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "<qualys_base_url>/qps/rest/3.0/editSeverity/was/finding/" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<ServiceRequest>
<data>
<Finding>
<uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
<severityComment>Test comment API</severityComment>
<severity>3</severity>
</Finding>
</data>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/finding.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<Finding>
<id>132990</id>
<uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
</Finding>
</data>
</ServiceResponse>
<platform API server>/qps/xsd/3.0/was/finding.xsd