From the burger menu, you can navigate to "Settings" > "Sites and scan data", where you can control various settings to adjust how Burp Suite Enterprise Edition handles sites and scan data.
When a scan is triggered using the REST API, for example, by an integrated CI pipeline, Burp Suite Enterprise Edition attempts to attach the scan data to existing sites in the system. If no matching site can be found, a new site is automatically created instead.
By default, sites generated using the API are not displayed on the "Sites" page. If you enable the "Display sites generated by the API" setting, the site tree will show these sites alongside the sites that you create manually.
Burp Suite Enterprise Edition decides whether the data from an API-generated scan should be matched with an existing site based on both the name of the site and the list of included and excluded URLs.
If a name was provided for the site when the scan was created:
If no name was provided for the site when the scan was created:
If you enable this setting, you can define a threshold for how long old scans will be kept in the system. By default, this is set to delete all scans that are more than one year old, but you can change this to anything from one day up to five years. Note that the most recent scan for each site is always kept, even if it is older than the defined threshold.
When a scan finds an issue, Burp Suite Enterprise Edition determines whether it is a new issue for the site or an issue that was already discovered by previous scans. This information is used to produce the trend information about new, resolved, and regressed issues that you see in the dashboards. It is also used to identify issues that have previously been flagged as false positives.
In the scan delta settings, you can adjust how Burp Suite Enterprise Edition decides which issues are "new". You have the following options:
The false positives settings can be accessed via the burger menu. They let you configure how Burp Suite Enterprise Edition handles issues that are flagged as false positives.
By default, if you flag an issue as being a false positive, this will be remembered in future scans of the same site. If the same issue is reported again, it will automatically be flagged as a false positive. You can change this behavior using the "Remember false positives for future scans" option.
You can also configure how Burp Suite Enterprise Edition matches newly reported issues with past issues that were flagged as false positives. By default, these are matched based on the issue type and URL. However, you can change this so that issues are matched based solely on the issue type. You should use this option with caution. For example, if you enable it, and you flag a SQL injection issue as being a false positive, then all future SQL injection issues reported for the site will automatically be flagged as false positives, even if they arise at different URLs.
If you are using the bundled database, you can control your database backup settings from within Burp Suite Enterprise Edition. From the burger menu, go to "Settings" > "Database backup".
You can control the following settings:
You can also back up your database manually at any time using the "Back up now" button.
Note that if you use an external database, your database administrator manages your backup settings outside of Burp Suite Enterprise Edition.