The <OptionProfile> element includes sub-elements used to define an option profile. A reference of these elements is provided below. An asterisk * indicates a complex element.
Parameter |
Mandatory /Optional |
Data Type |
Description |
---|---|---|---|
id |
Optional |
integer |
ID of the finding (WebAppVuln, WebAppIg, or WebAppSensitiveContent). |
uniqueId |
Optional |
value |
The 36-bit unique id assigned to the finding. For example: <Finding> |
qid |
Optional |
integer |
Qualys ID assigned to the detection. |
name |
Optional |
text |
Name of the detection finding. |
type |
Optional |
keyword |
Type of the finding: VULNERABILITY, SENSITIVE_CONTENT, or INFORMATION_GATHERED. |
url |
Optional |
text |
URL of the web application on which the finding was detected. |
webApp.tags.id |
Optional |
integer |
ID of the tag associated with the web application on which the finding was detected. |
webApp.tags.name |
Optional |
text |
Name of the tag associated with the web application on which the finding was detected. |
status |
Optional |
keyword |
Status of the finding: NEW, ACTIVE, REOPENED, PROTECTED and FIXED. |
patch |
Optional |
integr-long |
Use WAF to protect against vulnerabilities by installing virtual patches. |
webApp.id |
Optional |
integer |
ID of the web application on which the finding was detected. |
webApp.name |
Optional | text |
Name of the web application on which the finding was detected. |
severity |
Optional | integer |
Severity of the finding. |
externalRef |
Optional | string |
Tip - Use operator IS EMPTY for findings with empty external references. |
ignoredDate |
Optional | date |
The date on which the finding was marked to ignore. |
ignoredReason |
Optional | keyowrd |
The reason for which the finding is ignored: FALSE_POSITIVE, RISK_ACCEPTED or NOT_APPLICABLE |
group |
Optional | keyword |
XSS, SQL, INFO, PATH, CC, SSN_US or CUSTOM |
owasp.name |
Optional | text |
Name of the OWASP vulnerability. |
owasp.code |
Optional | integer |
Code associated with the OWASP vulnerability |
wasc.name |
Optional | text |
Name of the vulnerability. |
wasc.code |
Optional | integer |
Code of the vulnerability. |
cwe.id |
Optional | integer |
ID associated with CWE. |
firstDetectedDate |
Optional | date |
The date when the finding was first detected in the web application. |
lastDetectedDate |
Optional | date |
The date when the finding was last detected in the web application. |
lastTestedDate |
Optional | date |
The date when the finding was last tested in the web application. |
timesDetected |
Optional | integer |
The count indicating the number of times the finding was detected. |
severity level |
Optional | integer |
The severity associated with the finding:1,2,3,4,5 |