Custom Signature
In the Knowledge Base, you can create customized vulnerability signatures with targeted, automated detection rules that address your specific security needs.
The Custom Signature feature is available with the TotalAppSec application. For details, contact your Qualys representative.
Steps to Create Customized Signatures
To create a new WAS signature, in the Knowledge Base tab, click New Custom Signature.
Basic Information
- Enter a Name for a new customized signature.
- Select Category and Severity for the customized signature. The QID is auto-generated once the process is completed.
Threat
Enter information on what this vulnerability exploits.
Impact
Enter the possible consequences that may occur if the vulnerability is successfully exploited.
Solution
Enter the suggested solution to fix the vulnerability.
Custom Signature
Enter the signature definition for this new custom signature.
Example of a valid signature:
{
  "directory_level": "-1:1,0:1,1:1",
  "filters": {
    "server_type": "APACHE,IIS,ENTERPRISE,DOMINO,OTHERS",
    "url_regex": ".*"
  },
  "requests": [
    {
      "matchers": [
        {
          "regex": ".*",
          "type": "regex"
        }
      ],
      "method": "GET",
      "payload": {
        "position": "@APPEND@",
        "value": "/"
      }
    }
  ],
  "stop-at-first-match": "false"
}
Review the information entered for the customized signature and click Create New Signature.
The new customized signatures are listed in the Knowledge Base tab. You can search for custom signatures by using the vulnDef.custom:true QQL token.
The customized signature is available only for your subscription.
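A signature can be checked locally before it is pasted into the Custom Signature field. The following is an added example, not Qualys code: it parses the JSON, checks for the top-level keys that appear in the example above, compiles every regex, and flags a matcher so broad that it matches arbitrary text. It assumes that those keys are required, that Python's `re` syntax is close enough to the scanner's regex dialect for a first check, and the "Index of /" matcher is a constructed sample.

```python
import json
import re

# Keys seen in the page's example; assumed required (the full schema is not on the page).
EXPECTED_KEYS = {"directory_level", "filters", "requests", "stop-at-first-match"}
PROBES = ("", "unrelated constructed text")  # constructed inputs for the breadth check


def lint_signature(text):
    """Return a list of problems found in a custom signature JSON string."""
    try:
        sig = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} at line {exc.lineno}, column {exc.colno}"]
    if not isinstance(sig, dict):
        return ["top level must be a JSON object"]
    problems = [f"missing key: {key}" for key in sorted(EXPECTED_KEYS - sig.keys())]
    # Gather (label, pattern, is_matcher) for every regex in the signature.
    patterns = []
    filters = sig.get("filters")
    if isinstance(filters, dict) and "url_regex" in filters:
        patterns.append(("filters.url_regex", filters["url_regex"], False))
    requests = sig.get("requests")
    for i, req in enumerate(requests if isinstance(requests, list) else []):
        matchers = req.get("matchers") if isinstance(req, dict) else None
        for j, matcher in enumerate(matchers if isinstance(matchers, list) else []):
            if isinstance(matcher, dict) and matcher.get("type") == "regex":
                patterns.append((f"requests[{i}].matchers[{j}].regex", matcher.get("regex"), True))
    for label, pattern, is_matcher in patterns:
        try:
            compiled = re.compile(pattern)
        except (re.error, TypeError) as exc:
            problems.append(f"{label}: does not compile: {exc}")
            continue
        # A matcher that accepts unrelated text cannot single out a finding.
        if is_matcher and all(compiled.search(probe) for probe in PROBES):
            problems.append(f"{label}: matches arbitrary text")
    return problems


# Constructed sample: the page's example with a specific (constructed) matcher regex.
GOOD = json.dumps({
    "directory_level": "-1:1,0:1,1:1",
    "filters": {"server_type": "APACHE,IIS,ENTERPRISE,DOMINO,OTHERS", "url_regex": ".*"},
    "requests": [{"matchers": [{"regex": "Index of /", "type": "regex"}],
                  "method": "GET", "payload": {"position": "@APPEND@", "value": "/"}}],
    "stop-at-first-match": "false",
})
```

Calling `lint_signature(GOOD)` returns an empty list; a signature whose closing brace was lost in copying returns a single "invalid JSON" entry with the position of the error.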
Using Customized Signatures
You can use this custom QID in a scan by adding the customized QIDs to a static search list and to the option profile. For details on creating a static search list, refer to Create a Static Search List.