HelpAddonsAlertFiltersAlertFilter

psiinon edited this page Mar 29, 2016 · 2 revisions
Clone this wiki locally

Context Alert Filters

Context Alert Filters allow you to automatically override the risk levels of any alerts raised by the active and passive scan rules within a context.

This add-on adds an 'Alert Filters' panel to the contexts dialog. The panel shows a list of all of the Alert filters along with buttons for adding, removing, and deleting them.

To use this add-on you will need to:

  • Add your application to a context
  • Open the Session Properties dialog (eg by double clicking on the context)
  • Select the contexts' 'Alert filters' panel
  • Click 'Add' and fill in the details for each alert you want to override

Note: The alert filters will only be applied to new alerts, not to any alerts that were already present when the filter was created.

The 'add' and 'modify' dialogs have the following fields:

Alert

A pull down containing all of the active and passive alert rules currently installed.

New Risk Level

The new risk level to be assigned to any alerts raised that match the criteria defined by the rule.

URL

An optional URL. If specified then this rule will be applied if the URL matches the URL of a raised alert.

URL is Regex?

If set and a URL is specified then the URL will be treated as a regex expression when compared with the URL of the alert. If it is not set then any specified URL must exactly match the URL of the alert.

Parameter

An optional parameter. If specified then this rule will be applied if the parameter exactly matches the parameter of a raised alert.

Enabled

If set then this rule will be applied to all alerts raise against the given context.