Help with Alert Filters, Automation Framework


Patrick Pugh

Jun 5, 2023, 9:25:41 AM
to OWASP ZAP User Group
Hello,

I am trying to exclude "Modern Web Application", with "plugin id" 10109. There doesn't seem to be any way to do that, but I thought maybe marking it as a False Positive would be sufficient. I can't figure out how. 

Here's what I added at the end of my yml job definition file:
  - type: alertFilter
    alertFilters:
      - ruleId:   10109
        newRisk:  'False Positive'

Seems pretty straightforward. Logs indicate that it should be working:
Job: alertFilter Added global filter for alertId: 10,109 new risk: False Positive

However, the final report doesn't change. "Modern Web Application" is always shown as Informational. Worth noting also that I have not used the following section found in the documentation because it's not valid:
    parameters:
      deleteGlobalAlerts: true

What am I doing wrong? Thanks in advance :) 



thc...@gmail.com

Jun 5, 2023, 9:47:00 AM
to zaprox...@googlegroups.com
Hi.

The alert filters should be defined before the alerts are raised. Move
the alert filter job to be before the job that creates the messages.

The `deleteGlobalAlerts` being invalid means the Alert Filters add-on is
outdated.

Best regards.
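
The job ordering described in the reply above, shown as an added example that is not part of the original thread or of ZAP's own documentation. The context name, target URL and report settings are placeholders; the `alertFilter` entry is the one from the question.

```yaml
# Added example: Automation Framework plan with the alertFilter job placed
# before any job that generates traffic. Context name, URL and report
# settings are placeholders, not values from the thread.
env:
  contexts:
    - name: example-context          # placeholder
      urls:
        - https://www.example.com    # placeholder target
  parameters:
    failOnError: true

jobs:
  # 1. Filters first: they must be defined before the alerts are raised,
  #    so this job goes ahead of anything that creates messages.
  - type: alertFilter
    alertFilters:
      - ruleId: 10109                # "Modern Web Application"
        newRisk: 'False Positive'

  # 2. Jobs that create messages; passive scan rules raise alerts on these.
  - type: spider
    parameters:
      context: example-context
      maxDuration: 2                 # minutes

  - type: passiveScan-wait
    parameters:
      maxDuration: 5                 # minutes

  # 3. Report last, once the filtered alerts are in place.
  - type: report
    parameters:
      template: traditional-html
      reportDir: /zap/wrk
      reportFile: zap-report
```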

Patrick Pugh

Jun 5, 2023, 9:56:14 AM
to OWASP ZAP User Group
Thank you! Works as expected now.

As for the deleteGlobalAlerts error, I'm using this for the Docker image: owasp/zap2docker-stable:latest
That should always be up to date, unless I misunderstand how add-ons work?

psiinon

Jun 6, 2023, 4:31:19 AM
to zaprox...@googlegroups.com
"The stable image is updated whenever there is a ZAP full release. It is also regenerated monthly, typically on the first Monday of the month. The monthly updates pull in the latest base Docker image and also any updated ZAP add-ons - no ZAP ‘core’ changes are included."

This means that the stable release will not include any add-on updates that have been released since the image was regenerated.

Cheers,

Simon

--
OWASP ZAP Project leader

Patrick Pugh

Jun 6, 2023, 7:33:53 AM
to OWASP ZAP User Group
Thanks for the clarification!