Manage Burp Issues
You can view the issues imported with the burp reports in the Detections list. In the Detections list, select Burp from the Source filter or use a QQL token vulnerability.source: BURP, you can view the issue details, including detection date, status, and severity.
Burp Issue Status
Qualys checks the Burp issue serial number against existing imported issues for the web application. If the issue was not previously imported, the status is set to New. Otherwise, the status is set to Active or Reopened (if the issue was previously imported and fixed).
Note: The status is accurate only if a single instance of Burp is used. This is because issue serial numbers are specific to each instance of Burp.
Burp Issue Severity
In Web Application Scanning, severity is assigned to a burp issue based on burp severity and burp confidence.
|
Burp Severity |
Burp Confidence |
WAS Severity |
|
High |
Certain or Firm |
Confirmed Severity 5: Urgent
|
|
High |
Tentitive |
Portential Severity 5: Urgent
|
|
Medium |
Certain or Firm |
Confirmed Severity 3: Serious
|
|
Medium |
Tentitive |
Portential Severity 3: Serious
|
|
Low |
Certain or Firm |
Confirmed Severity 2: Medium
|
|
Low |
Tentitive |
Portential Severity 2: Medium
|
|
Information |
Certain or Firm |
Confirmed Severity 1: Minimal
|
|
Information |
Tentitive |
Portential Severity 1: Minimal
|
View Burp Issue Details
In the Detections list, select a burp issue, and from the Quick Actions menu, click View.
Ignore Burp Issues
You can ignore the burp issues in the same way you can ignore the Qualys detections. To ignore a burp issue, select a burp detection, and from the Quick Actions menu, click Ignore. For details, see Ignore Detections.
Activate Ignored Burp Issues
You can also reactivate the ignored burp issues. To reactivate the burp issues, select an ignored detection, and from the Quick Actions menu, click Activate. See Activate Ignored Detections.