Ignore Findings
Click to view navigation pane


Ignore Findings

[POST] /qps/rest/3.0/ignore/was/finding

[POST] /qps/rest/3.0/ignore/was/finding/<id>

Ignore findings for a web application which is in the user’s scope.

Permissions required - User must have WAS module enabled. User account must have these permissions: Access Permission “API Access” and "Ignore Vulnerabilities" permission. The output includes findings for web applications in the user's scope.

Input ParametersInput Parameters

These elements are optional and act as filters. When multiple elements are specified, parameters are combined using a logical AND.

Click here for available operators

Parameter

Mandatory

/Optional

Data Type

Description

id

Optional

 integer

ID of the finding (WebAppVuln, WebAppIg, or WebAppSensitiveContent).

uniqueId

Optional

 value

The 36-bit unique id assigned to the finding.

For example:   

<Finding>
   <id>132990</id>
   <uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
    <qid>150004</qid>
...

qid

Optional

 integer

Qualys ID assigned to the detection.

name

Optional

text

Name of the detection finding.

type

Optional

 keyword

Type of the finding: VULNERABILITY, SENSITIVE_CONTENT, or INFORMATION_GATHERED.

url

Optional

 text

URL of the web application on which the finding was detected.

webApp.tags.id

Optional

 date

ID of the tag associated with the web application on which the finding was detected.

webApp.tags.name

Optional

 text

Name of the tag associated with the web application on which the finding was detected.

status

Optional

 keyword

Status of the finding: NEW, ACTIVE, REOPENED, PROTECTED and FIXED.

patch

Optional

 integer-long

Use WAF to protect against vulnerabilities by installing virtual patches.

webApp.id

Optional

 integer

ID of the web application on which the finding was detected.

webApp.name

Optional

 text

Name of the web application on which the finding was detected.

severity

Optional

 integer

Severity of the finding.

externalRef

Optional

 string

Tip - Use operator IS EMPTY for findings with empty external references.

ignoredDate

Optional

 date

The date on which the finding was marked to ignore.

ignoredReason

Optional

 keyword

The reason for which the finding is ignored: FALSE_POSITIVE, RISK_ACCEPTED or NOT_APPLICABLE

group

Optional

 keyword

XSS, SQL, INFO, PATH, CC, SSN_US or CUSTOM

reactivateDate

Optional

 date

Specify the date after which the ignored finding should be re-activated. The date/time is specified in YYYY-MM-DD format.

reactivateIn

 

 Optional

integer

 

Specify the number of days after which the ignored finding should be reactivated.

Note: reactivateDate and reactivateIn are mutually exclusive parameters and cannot be used together. You can use only either of them for a finding.

owasp.name

Optional

 text

Name of the OWASP vulnerability.

owasp.code

Optional

 integer

Code associated with the OWASP vulnerability

wasc.name

Optional

 text

Name of the vulnerability.

wasc.code

Optional

 integer

Code of the vulnerability.

cwe.id

Optional

 integer

ID associated with CWE.

firstDetectedDate

Optional

 date

The date when the finding was first detected in the web application,

lastDetectedDate

Optional

 date

The date when the finding was last detected in the web application.

lastTestedDate

 Optional date

The date when the finding was last tested in the web application.

timesDetected

 Optional integer

The count indicates the number of times the finding was detected.

severity level

 Optional integer

The severity associated with the finding:1,2,3,4,5

Sample - Ignore a specific findingSample - Ignore a specific finding

API request

curl -n -u "USERNAME:PASSWORD" "<qualys_base_url>/qps/rest/3.0/ignore/was/finding/1645195669"

Request POST data

<ServiceRequest>
    <data>
        <Finding>
            <id>1645195669</id>
            <ignoredReason>FALSE_POSITIVE</ignoredReason>
            <ignoredComment>test</ignoredComment>
        </Finding>
    </data>
</ServiceRequest>

XML response

<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/finding.xsd">
    <responseCode>SUCCESS</responseCode>
    <count>1</count>
    <data>
        <Finding>
            <id>1645195669</id>
            <uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
        </Finding>
    </data>
</ServiceResponse>

Sample - Reactivate an ignored finding (date)Sample - Reactivate an ignored finding (date)

API request

curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST"
--data-binary @-
"<qualys_base_url>/qps/rest/3.0/ignore/was/finding/"
Note: "file.xml" contains the request POST data.

Request POST data

<ServiceRequest>
    <data>
        <Finding>
            <id>927823</id>
            <ignoredReason>FALSE_POSITIVE</ignoredReason>
            <ignoredComment>test</ignoredComment>
            <reactivateDate>2018-11-14</reactivateDate>
        </Finding>
    </data>
</ServiceRequest>

XML response

<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/
was/finding.xsd">
    <responseCode>SUCCESS</responseCode>
    <count>1</count>
    <data>
        <Finding>
            <id>927823</id>
            <uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
        </Finding>
    </data>
</ServiceResponse>

Sample - Reactivate an ignored finding (day)Sample - Reactivate an ignored finding (day)

API request

curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST"
--data-binary @-
"<qualys_base_url>/qps/rest/3.0/ignore/was/finding/"
Note: "file.xml" contains the request POST data.

Request POST data

<ServiceRequest>
    <data>
        <Finding>
            <id>927913</id>
            <ignoredReason>FALSE_POSITIVE</ignoredReason>
            <ignoredComment>test</ignoredComment>
            <reactivateIn>1</reactivateIn>
        </Finding>
    </data>
</ServiceRequest>

XML response

<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/finding.xsd">
    <responseCode>SUCCESS</responseCode>
    <count>1</count>
    <data>
        <Finding>
            <id>927913</id>
            <uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
        </Finding>
    </data>
</ServiceResponse>

Sample - Ignore multiple findingsSample - Ignore multiple findings

API request

curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST"
--data-binary @-
"<qualys_base_url>/qps/rest/3.0/ignore/was/finding/"
Note: "file.xml" contains the request POST data.

Request POST data

<ServiceRequest>
    <filters>
        <Criteria field="id" operator="NOT EQUALS">1231056</Criteria>
        <Criteria field="type" operator="NOT EQUALS">INFORMATION_GATHERED</Criteria>
    </filters>
    <data>
        <Finding>
            <ignoredReason>FALSE_POSITIVE</ignoredReason>
            <ignoredComment>test</ignoredComment>
        </Finding>
    </data>
</ServiceRequest>

Note : When you are trying to ignore findings, make sure that type of finding is passed in data is not of INFORMATION_GATHERED type as they cannot be ignored. This can be ensured by using type not equals INFORMATION_GATHERED tag when using NOT EQUALS, GREATER or LESSER operator.

XML response

<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/finding.xsd">
    <responseCode>SUCCESS</responseCode>
    <count>27</count>
    <data>
        <Finding>
            <id>1231057</id>
            <uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
        </Finding>
        <Finding>
            <id>1231058</id>
            <uniqueId>5a2c4d51-5d28-2b92-e053-2943720a32ab</uniqueId>
        </Finding>
        <Finding>
            <id>1231059</id>
            <uniqueId>4a2c4d51-8d28-2b92-e053-2943720a16ab</uniqueId>
        </Finding>
        <Finding>
            <id>1231060</id>
            <uniqueId>3a2c4d51-9d28-2b92-e053-2943720a90ab</uniqueId>
        </Finding>
       …
    </data>
</ServiceResponse>

Sample - Ignore finding using uniqueIdSample - Ignore finding using uniqueId

As every uniqueId is unique, using uniqueId, you could ignore the exact finding.

API request

curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @-
"<qualys_base_url>/qps/rest/3.0/ignore/was/finding/8a2c4d51-6d28-2b92-e053-2943720a74ab" < file.xml
Note: “file.xml” contains the request POST data.

Request POST data

<ServiceRequest>
    <data>
        <Finding>
            <ignoredReason>FALSE_POSITIVE</ignoredReason>
            <ignoredComment>test</ignoredComment>
        </Finding>
    </data>
</ServiceRequest>

XML response

<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/finding.xsd">
    <responseCode>SUCCESS</responseCode>
    <count>1</count>
    <data>
        <Finding>
            <id>132990</id>
            <uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
        </Finding>
    </data>
</ServiceResponse>

XSD

<platform API server>/qps/xsd/3.0/was/finding.xsd