WAS detections and reports now display vulnerabilities blocked by Qualys WAF, for a Web Application that is a shared asset in WAS and WAF. To get started enable the ScanTrust option to allow Qualys scanners to seamlessly scan the web application through the WAF and enhance assessment and reporting. You can easily set this up in WAS or WAF.
Note that the ScanTrust feature should be enabled in your Qualys subscription before you can use it. Once enabled, the ScanTrust option is visible in WAS if the web application is protected by WAF.
Interested in getting ScanTrust enabled for your subscription? Please contact Qualys Support or Technical Account Manager.
Once you allow Qualys scanners to perform these scans, be sure to select the Enable Authentication option when launching your vulnerability scan in WAS.
In WAS detections, use the Protected filter to view the vulnerabilities blocked by Qualys WAF.
Enable the Protected filter in WAS reports to view the vulnerabilities blocked by Qualys WAF.