Custom Report Policies

Custom report policies enable you to create report policies that suit your requirements. Another option is to clone an existing report policy and modify it based on your needs.

This article explains how to create and configure custom report policies. For further information about report policies, refer to Overview of Report Policies.

With custom report policies you can do the following:

  • Edit the report policies based on your requirements.
  • Change vulnerability details, impact, remedy information, etc. in addition to the severity level, the visibility, and the classification properties of a vulnerability.
  • Configure settings, including how the web security scanner displays its findings in the Acunetix 360 application and in reports.

TIP: If you want to enable or disable specific security checks in the actual Scan itself, you should configure a Scan Policy instead.

Configuring report policies in Acunetix 360

There are two steps involved in configuring custom report policies. First, you need to create a report policy, then the second step is to customize it. Follow the instructions below to create and configure a new custom report policy.

How to Create a New Report Policy in Acunetix 360

  1. Log in to Acunetix 360.
  2. From the main menu, select Policies > New Report Policy.
  3. In the Name field, enter a name for your report policy.
  4. In the Description field, enter a description for your report policy.
  5. Click the checkbox to enable the Shared function if you want to share your report policy with other team members.
  1. If you enable the shared function, add the website group(s) you want to share your reporting policy with. The team members who have permission to scan the selected website groups will also be able to use this report policy.
  1. Click Save.

How to customize a report policy in Acunetix 360

  1. Log in to Acunetix 360.
  2. From the main menu, select Policies > Report Policies.
  3. From the Report Policies page, select the name of the report policy you want to customize.
  4. Select the Editor tab. The full list of vulnerabilities is displayed.
  5. In the vulnerabilities library list, use the checkboxes to select the vulnerabilities you want to include in your report policy. You can also search for a specific vulnerability.

  1. To change the severity level of a vulnerability, select the  vulnerability from the vulnerabilities library list on the left, then use the drop-down menu to select a different severity level.

  1. To edit the details of a vulnerability, click the checkbox next to the section you want to edit, then make your changes and click Save.

  1. To add a new vulnerability to the Report Policy, select New in the vulnerabilities library list. The Vulnerability Editor is displayed. Fill in the fields as required and select Save.

  1. To clone a selected vulnerability to the report policy, select Clone in the Actions section. The Clone Vulnerability dialog is displayed. From the Type drop-down, select the vulnerability type and click Save.

  1. To edit a selected vulnerability in the report policy, select Edit in the Actions section. The Vulnerability Editor dialog is displayed for the selected vulnerability. Change as required and select Save. For more information about the Vulnerability Editor fields, refer to Editing vulnerabilities and assigning security standards in Acunetix 360.

Setting a default report policy 

You can set one of your report policies as the default in Acunetix 360, so that you or your team members can attach this default report policy to a scan easily. If required, you can attach a report policy other than the default to a scan while launching a security scan.

  • You can select a default report policy from your shared report policies.  
  • You can edit your default policy but cannot set it as private or delete it. To delete, first, you must remove its default status from that report policy.
  • You can continue using the default report policy even if a user that created the policy is no longer a part of your team or company.
  • This feature is only available in Acunetix 360 On-Demand.

For further information about configuring report policies, refer to Configuring report policies in Acunetix 360.

How to set a report policy as the default

  1. Log in to Acunetix 360.
  2. From the main menu, select Settings > General.
  3. Scroll down to the Default Policies section. Use the Default Report Policy drop-down menu to select the report policy you want. Then click Save.

The report policy you selected appears as the default on the Report Policies page.

Cloning default report policies

How to clone the default report policy in Acunetix 360

  1. From the main menu, select Policies >Report Policies.
  2. Next to the relevant policy, click Clone. The New Report Policy tab is displayed.
  3. Complete the fields as described above in Configuring report policies in Acunetix 360.

Using custom report policies in scans

How to use a custom report policy in a scan in Acunetix 360

Once you have created a custom report policy, you can use it when creating a new scan, new scheduled scan, or new group scan.

  1. Log in to Acunetix 360.
  2. From the main menu, select Scans > New Scan.
  3. From the Report Policy dropdown, select your custom report policy.

  1. Complete the remaining fields as described in Creating a New Scan.
  2. Select Launch.

Custom Report Policies FAQ

Question: When I change the severity level of a vulnerability, does this affect the previous scan's reports?

  • No, it does not. When you edit a report policy, you need to rerun the scan with the edited report policy; so you can have your new report based on the latest changes.

 

« Back to the Acunetix Support Page