Overview
This article gives detailed steps to create and run a vulnerability report in Qualys.
How to Run a Qualys Report
Open Qualys and go to the Reports section at the top of the page and then choose the Reports tab.
From here, click on the drop-down box that says New, then go to Scan Report and choose Template Based.
Now a new window will pop up titled Report Details. Here you will choose the title of your report and then pick a template and format. There are already several Templates built into the selection, including the Severity 4 and 5 Confirmed report which only shows high-level confirmed vulnerabilities, and the Technical Report which shows all details on vulnerabilities.
Format allows you to choose the output of the report file. PDF is the preferred way to view Qualys reports, though CSV files make for easy exporting of data.
The next part of the window, "Report Source" asks you to choose the source for your report. You can pick Asset Groups, specify certain IP ranges, or add certain asset management tags. For example, I want a report from the Asset Group “AG-ACER” and have chosen the tag “Cloud Agent” so I will get a report on all parts of the AG-ACER group that have the cloud agent installed.
Lastly, you have the Scheduling section, where you can set up a date and time for this report to run, and you can repeat it every certain number of days, weeks, or months. You can also choose if a notification will go out when the report is finished here.
Once this has all been selected, click Run at the bottom of the screen to begin your report running. It will begin, and you can either look at the new window or on the Reports screen in Qualys to get its status. First, it will process and then it will run, and finally, it will be complete. Once complete highlight the report and click on the arrow that appears to the left of the report title. This is the Quick Actions table and will allow you to download the report by clicking “download”.
Once the download has completed, you have your report.