Reference: Report Creation

The Report “config” element includes sub-elements used to define a web application report type. A reference of these elements is provided below. An asterisk * indicates a complex element.

Parameter

Mandatory/Optional

Data Type

Description

id

  integer

The report ID. This element is assigned by the service and is required for certain types of requests (details, status, update, delete, send or download).

name

 

text

A report name (maximum 256 characters). Applies to all reports.

Note: Generating a report without a template allows you to assign a name to the report. If you use a template during report generation, the name you provide in the request is ignored and the template name is assigned to the report.

target*

 

 

A report target. Applies to all reports.

Example for a web application report:

<tags>
  <included>
    <option>ALL</option>
    <tagList>
      <set>
        <Tag><id>12017424</id></Tag>
        <Tag><id>12017228</id></Tag>
      </set>
    </tagList>
  </included>
  <excluded>
    <option>ANY</option>
    <tagList>
      <set>
        <Tag><id>12017228</id></Tag>
      </set>
    </tagList>
  </excluded>
</tags>

template.id

  integer

The template ID. This element is assigned by the system and is required for certain types of requests.

Example:

<template>

      <id>876048</id>

</template>

type 

  text

The report type, one of: WAS_SCAN_REPORT, WAS_WEBAPP_REPORT, WAS_SCORECARD_REPORT, WAS_CATALOG_REPORT, DATALIST_REPORT

password   

  text

A password for an encrypted PDF report. Applies to all reports.

distributionList*

 

   

Email addresses for a report distribution list. Applies to all reports.

Example:

<distributionList>

  <set>

    <EmailAddress><EMAIL_ADDRESS1></EmailAddress>

    <EmailAddress><EMAIL_ADDRESS2></EmailAddress>

  </set>

</distributionList>

display.contents*

  boolean

Identifies the report content to display.

Values: DESCRIPTION, SUMMARY, GRAPHS, RESULTS, INDIVIDUAL_RECORDS (all reports)

Values: RECORD_DETAILS, ALL_RESULTS, APPENDIX (Web Application Report and Scan Report)

Example for a Scan Report:

<display>

 <contents>

  <ScanReportContent>GRAPHS</ScanReportContent>

  <ScanReportContent>RESULTS</ScanReportContent>

 </contents>

</display>

display.graphs*

  boolean

Identifies the graphs to display. Applies to all reports.

Example for a Scan Report:

<display>
  <graphs>
    <ScanReportGraph>MOST_VULNERABLE_URLS</ScanReportGraph>
    <ScanReportGraph>VULNERABILITIES_BY_SEVERITY</ScanReportGraph>
    <ScanReportGraph>VULNERABILITIES_BY_GROUP</ScanReportGraph>
    <ScanReportGraph>VULNERABILITIES_BY_OWASP</ScanReportGraph>
    <ScanReportGraph>VULNERABILITIES_BY_WASC</ScanReportGraph>
    <ScanReportGraph>SENSITIVE_CONTENTS_BY_GROUP</ScanReportGraph>
  </graphs>
</display>

display.groups*

  keyword

Identifies the vulnerability groups to display. Applies to all reports.

Example for a Web Application Report or Scan Report:

<display>

  <groups>

    <WebAppReportGroup>GROUP</WebAppReportGroup>

    <WebAppReportGroup>OWASP</WebAppReportGroup>

    <WebAppReportGroup>WASC</WebAppReportGroup>

  </groups>

</display>

display.options*

  date

Specifies whether to display severity using levels (1 through 5) or using ratings (low, medium, high). Applies to all reports.

filters.searchlists*

   

Identifies search list filters. Applies to a Web Application Report, Scan Report or Scorecard Report.

Example:

<filters>

  <SearchLists>

    <SearchList>

      <id>43147</id>

    </SearchList>

  </SearchLists>

</filters>

filters.url 

  text

Identifies URL filters. Applies to a Web Application Report, Scan Report or Catalog Report.

Example:

<filters>

<url>http://www.mysite.com/help.html</url>

...

</filters>

filters.status*

   

Identifies status filters. Applies to Web Application Report, Scan Report and Catalog Report.

Values for Web Application Report and Scan Report: NEW, ACTIVE, REOPENED, FIXED

Values for Catalog Report: NEW, ROGUE, APPROVED, REJECTED, SUBSCRIPTION

filters.showPatched
 

  keyword

Identifies whether to include or exclude findings with virtual patches. Applies to Web Application Report and Scan Report.

Values:

SHOW_ONLY - show patched findings only

SHOW_BOTH - show patched & unpatched findings (default)

SHOW_NONE - show unpatched findings only

filters.remediation.showIgnored

  boolean

Include ignored findings: true or false

filters.remediation.ignoredReasons

  keyword

Identifies the types of findings to be included in the report. Applies to Scan Report.

Values:

FALSE_POSITIVE - include false positive findings in the report

RISK_ACCEPTED - include risk accepted findings in the report

NOT_APPLICABLE - include findings marked as not applicable in the report

filters.scanDate*

  date

Applies to a Scorecard Report and Catalog Report.

Example:

<filters>

 <scanDate>

   <startDate>2017-08-28</startDate>

   <endDate>2017-10-28</endDate>

 </scanDate>

</filters>

filters.scanStatus*

   

Applies to a Scorecard Report. Tip - Specify SERVICE_ERROR to include scans with the status Service Errors Detected.

Example:

<filters>

 <scanStatus>FINISHED</scanStatus>

</filters>

filters.scanAuthStatus*

   

Applies to a Scorecard Report.

Example:

<filters>

 <scanAuthStatus>SUCCESSFUL</scanAuthStatus>

</filters>

filters.ip 

  text

Applies to a Catalog Report.

Example:

<filters>

 <ip><![CDATA[10.56.64.245]]></ip>

</filters>

filters.os

  text

Applies to a Catalog Report.

Example:

<filters>

 <os><![CDATA[unix]]></os>

</filters>
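
Several filters above apply only to some report types, and a request that mixes them up may not produce the report you intended. The following pre-submission check is an added example, not part of the original reference or the vendor's code. It assumes the report names map to the listed "type" values and that each filter element is named after the last component of its dotted parameter name; lint_filters and SAMPLE are hypothetical names.

```python
import xml.etree.ElementTree as ET
from datetime import date
# Assumption: the report names used in the reference map to these "type" values.
SCAN, WEBAPP = "WAS_SCAN_REPORT", "WAS_WEBAPP_REPORT"
SCORECARD, CATALOG = "WAS_SCORECARD_REPORT", "WAS_CATALOG_REPORT"
# Filter element (lower-cased) -> report types it applies to, per the text above.
# Assumption: elements are named after the dotted parameter, e.g. <showPatched>.
APPLIES = {
    "searchlists": {WEBAPP, SCAN, SCORECARD},
    "url": {WEBAPP, SCAN, CATALOG},
    "status": {WEBAPP, SCAN, CATALOG},
    "showpatched": {WEBAPP, SCAN},
    "remediation": {SCAN, WEBAPP, SCORECARD, CATALOG},  # no limit stated for showIgnored
    "scandate": {SCORECARD, CATALOG},
    "scanstatus": {SCORECARD}, "scanauthstatus": {SCORECARD},
    "ip": {CATALOG}, "os": {CATALOG},
}
SHOW_PATCHED = {"SHOW_ONLY", "SHOW_BOTH", "SHOW_NONE"}

def lint_filters(report_type, filters_xml):
    """Return a list of problems found in a <filters> fragment."""
    root = ET.fromstring(filters_xml)
    if root.tag != "filters":
        return ["root element is <%s>, expected <filters>" % root.tag]
    problems = []
    for child in root:
        key = child.tag.lower()  # the page writes both SearchLists and searchlists
        if key not in APPLIES:
            problems.append("<%s> is not a documented filter" % child.tag)
        elif report_type not in APPLIES[key]:
            problems.append("<%s> does not apply to %s" % (child.tag, report_type))
        if key == "showpatched" and (child.text or "").strip() not in SHOW_PATCHED:
            problems.append("showPatched value %r is not documented" % child.text)
        if key == "scandate":
            try:
                start = date.fromisoformat(child.findtext("startDate").strip())
                end = date.fromisoformat(child.findtext("endDate").strip())
                if start > end:
                    problems.append("scanDate startDate is after endDate")
            except (AttributeError, ValueError):
                problems.append("scanDate needs YYYY-MM-DD startDate and endDate")
    return problems

# Constructed sample: a Scan Report request carrying Catalog/Scorecard filters.
SAMPLE = ("<filters><url>http://www.mysite.com/help.html</url>"
          "<ip><![CDATA[10.56.64.245]]></ip><showPatched>SHOW_PATCHED</showPatched>"
          "<scanDate><startDate>2017-10-28</startDate><endDate>2017-08-28</endDate></scanDate></filters>")
if __name__ == "__main__":
    print("\n".join(lint_filters(SCAN, SAMPLE)))
```

The check does not look inside <status> or <remediation>, because the reference lists their values but shows no XML for them.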