How do I ignore vulnerabilities on a scan-based report in Qualys?
As I mentioned above, I did ask our engineering team for clarification, and here is the response I received:
A scan-based report is the report on some past SCANREF, and we are not aware of what the status of the vulnerability was at that time. The Ignored checkbox is the current status of an individual vulnerability on that specific host, and it doesn't make sense to show it for the scan-based report.
When I had a discussion on this with QA, QA suggested modifying the filter section for the scan-based report, so we can think of adding this 'Ignored' checkbox at Status instead of State, as State is something checked at the KB for active and disabled QIDs.
Based on the above, we are talking about reporting improvements and our reporting feature backlog is currently > 6 months.
I offer the following work-around:
Your question is extremely general, and therefore cannot be appropriately answered as submitted.
I do have a few recommendations to set you on the path to the answer:
In addition to what Debra is suggesting, if you really want to remove findings, we do need more. For example, are you always removing a finding like SNMP EOL for a specific QID, or a specific instance of a finding/vulnerability on a single asset?
If, for example, you decided there are 5 vulnerabilities you never wanted to see in a certain report template, then you could create a search list of the QIDs in the Knowledgebase, and then in the report template, if you review, you can add that search list to exclude those QIDs from the report.
You could also limit the report to only confirmed vulnerabilities of a certain Severity level; I have some templates that only report on confirmed vulnerabilities with a severity level greater than 3.
I would still recommend the links that Debra gave, but the community could also use more information to try and give you accurate direction.
Thank you for the responses, but what I'm asking is: in Reports | Templates | Confirmed severity vulnerabilities, I have the template set up as "scan based". In Template | Filter | Vulnerabilities Filters | State, there's Active, Disabled, and Ignored. When you choose a scan-based template, it doesn't give me the ability to choose Ignored. It's grayed out. I know I can exclude QIDs, but it would be nice in this "scan based" template to include the ignored items without running a separate report. In addition, if I exclude the QID from the report, it will remove it from all assets showing that vulnerability, which I don't want to do.
I want to let you know I have posted your question to our reporting engineers to get you the best, most correct answer. My research suggests Scan Based reports are focused on the current state (New, Active, Reopened, Fixed).
Are you able to share your use case behind your preference for scan-based vs. host-based reporting (while we await a response)?
We are doing scan based because it does a breakdown of the last scan. Less than 300 assets.
- Yes. A custom search list.
- Yes. A custom scan option profile.
Exclude the QID from the report and use a search list of risk-accepted QIDs.
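The difference discussed in this thread between excluding a QID report-wide (the search-list approach) and ignoring one finding on one asset can be reproduced by post-processing an exported report. The following is an added example, not part of the original thread and not Qualys code; the CSV column names, the QIDs, the IPs and the exception register are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample export; the column names are assumptions for this example.
SAMPLE_REPORT = """IP,QID,Title,Severity
10.0.0.5,100001,Constructed finding A,4
10.0.0.6,100001,Constructed finding A,4
10.0.0.5,100002,Constructed finding B,5
10.0.0.7,100003,Constructed finding C,3
"""

# Hypothetical register. Report-wide entries mimic a QID exclusion search list;
# per-host entries mimic ignoring one finding on one asset, with an expiry date.
EXCLUDED_QIDS = {"100003"}
HOST_EXCEPTIONS = {
    ("10.0.0.5", "100001"): date(2030, 1, 1),  # accepted until this date
    ("10.0.0.5", "100002"): date(2020, 1, 1),  # acceptance has expired
}

def split_findings(report_text, today, excluded_qids=EXCLUDED_QIDS,
                   host_exceptions=HOST_EXCEPTIONS):
    """Return (kept, suppressed) lists of row dicts from a CSV export."""
    kept, suppressed = [], []
    for row in csv.DictReader(io.StringIO(report_text)):
        ip, qid = row["IP"].strip(), row["QID"].strip()
        expiry = host_exceptions.get((ip, qid))
        if qid in excluded_qids:
            # Removed for every asset, like a QID exclusion search list.
            suppressed.append({**row, "Reason": "QID excluded report-wide"})
        elif expiry is not None and today <= expiry:
            # Removed only for this host; other hosts still report the QID.
            suppressed.append({**row, "Reason": f"accepted on host until {expiry}"})
        else:
            kept.append(row)  # includes findings whose acceptance has expired
    return kept, suppressed

if __name__ == "__main__":
    kept, suppressed = split_findings(SAMPLE_REPORT, date.today())
    for row in kept:
        print("REPORT ", row["IP"], row["QID"], row["Title"])
    for row in suppressed:
        print("IGNORED", row["IP"], row["QID"], row["Reason"])
```

Keeping the suppressed rows with a reason, rather than dropping them, preserves an audit trail of what was left out of the report and why.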