Description
When importing Qualys scan reports, multiple rows with the same QID and title but different ports and endpoints are merged by DefectDojo. This causes the overall count of vulnerabilities to be mismatched since distinct port and endpoint vulnerabilities get combined into one finding.
Problem description
DefectDojo collapses findings with the same QID and title regardless of differences in ports and endpoints from Qualys reports, leading to inaccurate vulnerability counts. We need a way to configure import/deduplication settings to keep these separate by port and endpoint.
Steps to reproduce
Import a Qualys scan report with multiple vulnerabilities that have the same QID but appear on different ports (e.g., ports 80, 5985, 9999) and endpoints.
Observe that DefectDojo collapses these into a single finding, losing port- and endpoint-level granularity.
Check the count of findings and note that it is less than expected.
Expected behavior
Each finding with the same QID but unique ports and endpoints should be treated as separate vulnerabilities in DefectDojo, maintaining accurate counts and distinct entries.
Additional context (optional)
I understand DefectDojo has deduplication algorithms that merge findings for easier management, but in this case, the merging is too aggressive because both ports and endpoints are not considered uniquely. Guidance on configuring deduplication to include port and endpoint differentiation during import would be highly appreciated.
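As an added illustration (not DefectDojo code, and not its actual hash algorithm), the script below models the two grouping keys discussed in this issue over a constructed Qualys-style CSV: one key using only QID and title, which collapses the three rows sharing a QID, and one that also includes host and port. Comparing the two counts before an import is a quick way to check whether the number of findings DefectDojo reports matches the number of distinct port/endpoint occurrences in the scan; the column names and sample rows are assumptions.

```python
import csv
import io
from collections import OrderedDict

# Constructed sample in a Qualys-like CSV layout (hypothetical column names,
# not a real Qualys export): one QID on three ports/hosts, plus one other QID.
SAMPLE_CSV = """QID,Title,IP,Port,Protocol,DNS
11827,HTTP Security Header Not Detected,10.0.0.5,80,tcp,web.example.test
11827,HTTP Security Header Not Detected,10.0.0.5,5985,tcp,web.example.test
11827,HTTP Security Header Not Detected,10.0.0.7,9999,tcp,api.example.test
38170,SSL Certificate Subject CN Mismatch,10.0.0.5,443,tcp,web.example.test
"""


def load_rows(text):
    """Parse the CSV text into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def key_by_qid_title(row):
    """Models the collapsing behaviour described in the issue: QID + title only."""
    return (row["QID"], row["Title"])


def key_by_qid_title_endpoint(row):
    """Models the desired behaviour: QID + title + host + port."""
    host = row["DNS"] or row["IP"]
    return (row["QID"], row["Title"], host, row["Port"])


def group_findings(rows, key_fn):
    """Group rows by key_fn; each group lists the host:port occurrences it holds."""
    groups = OrderedDict()
    for row in rows:
        endpoint = f"{row['DNS'] or row['IP']}:{row['Port']}"
        groups.setdefault(key_fn(row), []).append(endpoint)
    return groups


def collapsed_groups(rows):
    """Return the (QID, title) groups that would lose endpoints when merged."""
    merged = group_findings(rows, key_by_qid_title)
    return {k: v for k, v in merged.items() if len(v) > 1}


def compare_counts(text):
    """Count raw rows, QID+title groups, and QID+title+endpoint groups."""
    rows = load_rows(text)
    return {
        "rows": len(rows),
        "merged": len(group_findings(rows, key_by_qid_title)),
        "split": len(group_findings(rows, key_by_qid_title_endpoint)),
    }
```

Run `compare_counts(SAMPLE_CSV)` to see the mismatch (4 distinct occurrences versus 2 merged findings) and `collapsed_groups(load_rows(SAMPLE_CSV))` to list which endpoints a merge would hide.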