A dynamic search list consists of a set of vulnerability search criteria that you want to include or exclude testing for in a scan, for example, severity level, category, CVSS score, patch availability, and so on.
Our service dynamically compiles a list of WAS-related vulnerability QIDs based on the defined search criteria. For example, when a dynamic search list is added to an option profile and applied to a scan, our service queries the KnowledgeBase to find all web application QIDs that match the search criteria at scan time.
With the dynamic search list, you can incorporate newly-added QIDs as long as the QIDs match the search criteria defined for the dynamic list. For example, a dynamic search list defined for severity 5 vulnerabilities will automatically incorporate all severity 5 vulnerabilities at the time of the dynamic search list is used.
To create a static search list, click New Search List > Dynamic List, and follow the simple steps:
1) Add basic details. See Dynamic Search List - List Details
2) Add QIDs to be included in the search list. See Dynamic Search List - Search Criteria
3) Add comments to be associated to the search list. See Dynamic Search List - Comments
4) Review the settings defined and create the search list. See Dynamic Search List - Review and Confirm
User roles and permissions determine whether users have WAS Configuration Permissions; there are individual permissions for creating, editing and deleting search lists and the other WAS configurations. For details, check Configuration permissions.