Enterprise Edition

Configuring issue management settings

  • Last updated: September 17, 2024

This section explains how to configure the way Burp Suite Enterprise Edition handles false positives, accepted risks, and issues with edited severities. You can configure whether Burp Suite Enterprise Edition remembers these issues, and the criteria it uses to recognize them.

By default, Burp Suite Enterprise Edition remembers false positives, accepted risks, and issues with edited severities in future scans of the same site. If the same issue is reported again, your previous changes are applied automatically.

Configure false positive settings:

  1. From the settings menu, select Issue management.
  2. In the Configure false positive settings section, use the toggle to select whether Burp Suite Enterprise Edition will Remember false positives for future scans of the site.
  3. Choose how Burp Suite Enterprise Edition matches newly reported issues with past issues that were flagged as false positives:

    • Anywhere on this site: Matches issues with the same issue type anywhere on the site.
    • Only at the exact same URL: Matches issues with the same issue type and URL.

Note

Use Anywhere on this site with caution. For example, if you enable it, and you flag an SQL injection issue as being a false positive, then all future SQL injection issues reported for the site will automatically be flagged as false positives, even if they are found at different URLs.

Configure accepted risk settings:

  1. From the settings menu, select Issue management.
  2. In the Configure accepted risk settings section, use the toggle to select whether Burp Suite Enterprise Edition will Remember accepted risks for future scans of a site.
  3. Choose how Burp Suite Enterprise Edition matches newly reported issues with past issues that were flagged as accepted risks:

    • Anywhere on this site: Matches issues with the same issue type anywhere on the site.
    • Only at the exact same URL: Matches issues with the same issue type and URL.

Note

Use Anywhere on this site with caution. For example, if you enable it, and you flag an SQL injection issue as being an accepted risk, then all future SQL injection issues reported for the site will automatically be flagged as accepted risks, even if they are found at different URLs.

Configure edit issue severity settings:

  1. From the settings menu, select Issue management.
  2. In the Configure edit issue severity settings section, use the toggle to select whether Burp Suite Enterprise Edition will Remember severity changes for future scans of a site.
  3. Choose how Burp Suite Enterprise Edition matches newly reported issues with past issues that had their severity edited:

    • Anywhere on this site: Matches issues with the same issue type anywhere on the site.
    • Only at the exact same URL: Matches issues with the same issue type and URL.

Note

Use Anywhere on this site with caution. For example, if you enable it, and you flag an SQL injection issue as low severity, then all future SQL injection issues reported for the site will automatically be edited to low severity, even if they are found at different URLs.
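
The following added example models the two matching options described above so you can see which newly reported issues would inherit a past decision made at a different URL. It is an illustration only, not PortSwigger code and not how Burp Suite Enterprise Edition is implemented. The option names, record classes, exact-string URL comparison, and sample data are all assumptions constructed for this example.

```python
from dataclasses import dataclass

# Hypothetical names for the two matching options in the UI.
SITE, EXACT_URL = "anywhere_on_site", "exact_url"

@dataclass(frozen=True)
class Decision:          # a remembered triage decision for one site
    kind: str            # "false_positive", "accepted_risk" or "severity_edit"
    issue_type: str
    url: str             # URL where the decision was originally made

@dataclass(frozen=True)
class Finding:           # an issue reported by a later scan of the same site
    issue_type: str
    url: str

def matches(decision, finding, scope):
    """Apply one matching option: issue type always, URL only for EXACT_URL."""
    if decision.issue_type != finding.issue_type:
        return False
    return scope == SITE or decision.url == finding.url  # assumed exact string match

def needs_review(decisions, findings, scopes):
    """Findings that inherit a decision nobody made at that URL.

    scopes maps a decision kind to SITE or EXACT_URL; a missing kind means
    remembering is switched off for that kind.
    """
    flagged = []
    for f in findings:
        hits = [d for d in decisions
                if scopes.get(d.kind) and matches(d, f, scopes[d.kind])]
        if hits and not any(d.url == f.url for d in hits):
            flagged.append((f, hits[0].kind))
    return flagged

# Constructed sample data.
DECISIONS = [
    Decision("false_positive", "SQL injection", "https://shop.example/search"),
    Decision("severity_edit", "Cross-site scripting (reflected)", "https://shop.example/help"),
]
FINDINGS = [
    Finding("SQL injection", "https://shop.example/search"),
    Finding("SQL injection", "https://shop.example/checkout"),
    Finding("Cross-site scripting (reflected)", "https://shop.example/account"),
]

if __name__ == "__main__":
    scopes = {"false_positive": SITE, "severity_edit": EXACT_URL}
    for finding, kind in needs_review(DECISIONS, FINDINGS, scopes):
        print(f"{kind} carried over to untriaged URL: {finding.issue_type} at {finding.url}")
```

With the constructed data, only the SQL injection finding at the checkout URL is listed: it inherits the false positive flag from the search URL because that kind is set to match anywhere on the site.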
