Can the risk level associated with a QID in a web scan be changed?
For example: If WAS is detecting a logon page that is http only and marks that as Level 3 (Informational) and we would like that to be Level 5...how can we change that?
If you are using QualysGuard (and not PCI only) you can go into the Knowledge Base and edit the severity level of a QID.
Find the QID from your report, login to QG and go to the KB. Once the KB loads, click search and put in the QID you are looking for. When the results are displayed there should be an edit icon to the left of the QID # that will allow you to change the severity of the vulnerability.
Retrieving data ...