Groups keyboard shortcuts have been updated
Dismiss
See shortcuts

Correlation between message and alert instances

38 views
Skip to first unread message

Olindo Pindaro

unread,
Feb 26, 2025, 5:32:06 AMFeb 26
to ZAP User Group
My boss asked me to produce a report with all active scan message and linking , if successful test, the related Alert.

I use a Java API client and a headless Docker ZAP installation.

  • Using api.core.messages, I retrieved all messages.
  • Using api.reports.generate, I collected alerts in JSON format.

Both objects have an id field, but they seem unrelated.

Can I match a successful scan message with an alert?
Also, can I differentiate a successful scan message?

Thanks,
Olindo

Simon Bennetts

unread,
Mar 3, 2025, 7:46:02 AMMar 3
to ZAP User Group
Hi Olindo,

All objects in the ZAP db typically have an ID, which will be the ID for the relevant table they are stored in.
I dont think we expose that in any of the reports as we consider that to be "internal" information.
We do expose it via the API as then you're taking on the job of matching things like alerts and messages.
If you use the traditional-json-plus report then we'll do that matching for you.
If you want to do the matching yourself then use on the the "alert" API calls - the field to use will be "sourceMessageId".

Re your last question, what do you mean by a "successful scan message"?
If you mean "one that found a vulnerability" then it will be one that has raised an alert :)

Cheers,

Simon

Olindo Pindaro

unread,
Mar 3, 2025, 8:34:27 AMMar 3
to zaprox...@googlegroups.com
Thanks Simon,
My clarified his willingness. He desire a matrix endpoint/plugin which in the cross the the following information:
1) The endpoint is tested/untested by plugin
2) The test was positive (at least 1 alert raised)/negative(no alert raised).

to Make this report a have to make by myself using alert api as you suggested.

I will keep you aligned on results.

Cheers
Olindo

--
ZAP by Checkmarx: https://www.zaproxy.org/
---
You received this message because you are subscribed to a topic in the Google Groups "ZAP User Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/zaproxy-users/aK7eVnKkVm0/unsubscribe.
To unsubscribe from this group and all its topics, send an email to zaproxy-user...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/zaproxy-users/821446d4-dd42-487e-8c03-7e2986fccf6en%40googlegroups.com.


--
Olindo Pindaro
http://www.linkedin.com/in/olindopindaro
+39 3939455830

Simon Bennetts

unread,
Mar 4, 2025, 7:33:43 AMMar 4
to ZAP User Group
Good luck!
All of the relevant info should be available - if you struggle to find it then let us know :)
Reply all
Reply to author
Forward
0 new messages