The merge vulnerabilities feature does exactly what it says, it merges vulnerabilities. A typical use case is when you have many similar vulnerabilities (e.g. weak SSL/TLS configurations) and you want to present these vulnerabilities in a more compact way.
To perform a merge of vulnerabilities, you need to specify which Plugin IDs that will be the source, and which Plugin ID that will be the target. After the merge has been executed, only the target vulnerability will be left. Information about which Plugin IDs that has been merged is available in the target vulnerabilities “mergeHistory” field.
Follow the steps below to add a new vulnerability merge:
- Click Actions –> Merge Vulnerabilities
- Click Add
- Choose a target Plugin ID. You can either choose a plugin ID from the existing vulnerabilities, or choose to create a new vulnerability
- Choose if port should be considered or not when performing a merge. If port is considered, only vulnerabilities on the same port will be merged
- Add source Plugin IDs. These vulnerabilities will be merged into the target plugin ID.
- Click Save
When a vulnerability merge has been executed, information about which Plugin IDs that has been merged is available in the target vulnerabilities “mergeHistory” field.