What is the difference between ID and QID in the web application scan report
QID is a vulnerability type. Qualys classifies vulnerabilities according to QID.
As far as "ID", I'm not sure which number you're referring to. I will mention that each finding has a number (labeled "Finding #" in the report). If that's what you mean, it is simply a unique identifier given to that exact issue. It is used to enable WAS to provide the history of that issue and also can be used to retrieve the finding details via the WAS API.
Thanks Dave. when we export the report into a csv file we saw that colunmn - we just want to make sure it is unique
Retrieving data ...