Returns the count of OWASP ZAP findings for a selected criteria.
Permissions required - User must have WAS module enabled. User account must have these permissions: Access Permission “API Access”. WAS Permissions "Access OWASP ZAP Report". The count includes web applications in the user's scope.
These elements are optional and act as filters. When multiple elements are specified, parameters are combined using a logical AND.
Click here for available operators
Parameter |
Mandatory /Optional |
Data Type |
Description |
---|---|---|---|
id |
Optional |
integer |
ID of the finding. |
uniqueId |
Optional |
value |
The 36-bit unique id assigned to the finding. For example: <Finding> |
name |
Optional |
text |
Name of the detection finding. |
alertRef |
Optional |
string |
Reference of OWASP ZAP alert. |
webApp.id |
Optional |
integer |
ID of the web application on which the finding was detected. |
webApp.name |
Optional |
string |
Name of the web application on which the finding was detected. |
webApp.tags |
Optional |
integer |
The tags associated with the web application being scanned. Note: This parameter supports operator="NONE". |
webApp.tags.id |
Optional |
integer |
The tag ID assigned to web application being scanned. |
webApp.tags.name |
Optional |
string |
Name of the tag associated with the web application on which the finding was detected. |
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -- data-binary @- "
<qualys_base_url>
/qps/rest/3.0/count/was/owaspzapfinding" < file.xml
Request POST data
<ServiceRequest>
<filters>
<Criteria field="id" operator="EQUALS">1002</Criteria>
</filters>
</ServiceRequest>
XML Response
<?xml version="1.0" encoding="UTF-8"?> <ServiceResponsexmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:noNamespaceSchemaLocation="
<qualys_base_url>
qps/xsd/3.0/was/ow aspzapfinding.xsd"> <responseCode>SUCCESS</responseCode> <count>1</count> </ServiceResponse>
<platform API server>/qps/xsd/3.0/was/owaspzapfinding.xsd