Finding Count
Returns the total number of findings on web application(s) in the user’s scope.
Permissions required: User must have WAS module enabled. User account must have these permissions: Access Permission API Access. The count includes web applications in the user's scope.
Input ParametersInput Parameters
These elements are optional and act as filters. When multiple elements are specified, parameters are combined using a logical AND.
Click here for available operators
|
Parameter |
Mandatory /Optional |
Data Type |
Description |
|---|---|---|---|
|
id |
Optional |
integer |
ID of the finding (WebAppVuln, WebAppIg, or WebAppSensitiveContent). |
|
uniqueId |
Optional |
value |
The 36-bit unique id assigned to the finding. For example:
|
|
qid |
Optional |
integer |
Qualys ID assigned to the detection. |
|
name |
Optional |
text |
Name of the detection finding. |
|
type |
Optional |
keyword |
Type of the finding: VULNERABILITY, SENSITIVE_CONTENT, or INFORMATION_GATHERED. |
|
url |
Optional |
text |
URL of the web application on which the finding was detected. |
|
webApp.tags.id |
Optional |
date |
ID of the tag associated with the web application on which the finding was detected. |
|
webApp.tags.name |
Optional |
text |
Name of the tag associated with the web application on which the finding was detected. |
|
status |
Optional |
keyword |
Status of the finding: NEW, ACTIVE, REOPENED, PROTECTED and FIXED. |
|
patch |
Optional |
integer-long |
Use WAF to protect against vulnerabilities by installing virtual patches. |
|
webApp.id |
Optional |
integer |
ID of the web application on which the finding was detected. |
|
webApp.name |
Optional |
text |
Name of the web application on which the finding was detected. |
|
severity |
Optional |
integer |
Severity of the finding. |
|
externalRef |
Optional |
string |
Tip - Use operator IS EMPTY for findings with empty external references. |
|
ignoredDate |
Optional |
date |
The date on which the finding was marked to ignore. |
|
ignoredReason |
Optional |
keyword |
The reason for which the finding is ignored: FALSE_POSITIVE, RISK_ACCEPTED or NOT_APPLICABLE |
|
group |
Optional |
keyword |
XSS, SQL, INFO, PATH, CC, SSN_US or CUSTOM |
|
owasp.name |
Optional |
text |
Name of the OWASP vulnerability. |
|
owasp.code |
Optional |
integer |
Code associated with the OWASP vulnerability |
|
wasc.name |
Optional |
text |
Name of the vulnerability. |
|
wasc.code |
Optional |
integer |
Code of the vulnerability. |
|
cwe.id |
Optional |
integer |
ID associated with CWE. |
|
firstDetectedDate |
Optional |
date |
The date when the finding was first detected in the web application, |
|
lastDetectedDate |
Optional |
date |
The date when the finding was last detected in the web application. |
|
lastTestedDate |
Optional |
date |
The date when the finding was last tested in the web application. |
|
timesDetected |
Optional |
integer |
The count indicates the number of times the finding was detected. |
|
severity level |
Optional |
integer |
The severity associated with the finding:1,2,3,4,5 |
Sample - Get count of all findingsSample - Get count of all findings
Return the number (count) of all findings in the user’s scope.
API request:
curl -u "USERNAME:PASSWORD" "<qualys_base_url>/qps/rest/3.0/count/was/finding/"
XML response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchemainstance"
xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/finding.xsd">
<responseCode>SUCCESS</responseCode>
<count>2815</count>
</ServiceResponse>
Sample - Get count of findings with a criteriaSample - Get count of findings with a criteria
API request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "<qualys_base_url>/qps/rest/3.0/count/was/finding/" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data:
<ServiceRequest>
<filters>
<Criteria field="type"
operator="EQUALS">VULNERABILITY</Criteria>
<Criteria field="severity" operator="EQUALS">5</Criteria>
<Criteria field="status" operator="IN">NEW, ACTIVE,
REOPENED</Criteria>
</filters>
</ServiceRequest>
XML response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchemainstance"
xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/finding.xsd">
<responseCode>SUCCESS</responseCode>
<count>41</count>
</ServiceResponse>
Sample - Get details of findingSample - Get details of finding
If you search for a finding using unique ID (uniqueId), the count will always be one.
API request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "<qualys_base_url>/qps/rest/3.0/count/was/finding/" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data:
<ServiceRequest>
<filters>
<Criteria field="uniqueId" operator="EQUALS">8a2c4d51-6d28-2b92-e053-2943720a74ab</Criteria>
</filters>
</ServiceRequest>
XML response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/finding.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
</ServiceResponse>
XSD
<platform API server>/qps/xsd/3.0/was/finding.xsd