How is the detection list populated? With all findings from ALL scans (active, deactivated, deleted) or just the findings from scan that are still active?
The Detection List is populated from all WAS scans that have been completed. You can think of it as the current security status of your entire web application portfolio.
The list includes all detections from all web apps with their current status. If you open a detection, you can see details including the history... how many times it was detected, when it was detected, and even the scans where it was detected. If a scan tests for the vulnerability and fails to detect it, the status will change to Fixed. Note if you delete a scan, the detections under Detection List will remain unaffected.
If you want to view current status of findings for a particular web app, from the Web Apps page, select Find--Detections on the web app and you will be redirected to the Detection List with a filter for the web app applied.
If you want to delete all detections for a web app, you can select the "Purge" option. This is a way to "start fresh".
Hope that helps.
Retrieving data ...