Overview
Qualys is a full-featured vulnerability scanner that can target IP addresses, or be deployed as an agent. It is an excellent scanner full of features that are a key part of patch management, and vulnerability detection. Using Qualys can help keep our systems safe.
Qualys has embedded training videos in their products. We highly recommend reviewing them.
Table of Contents
VDMR
- The Dashboard has apps called widgets that can be moved, changed, or set up to display custom information that pertains to your specific situations. There are preset widgets or you can make your own based on any dataset you prefer.
- Scans can be run from the Scans page based on the IP address; choose internal or external scan put in the IP or range of IPs, or choose an Asset Group.
- Run the scan, then download the full report, or use a report template to filter only the data you would like. Show example report, point out that each vulnerability reported has the CVE if applicable, and information on what the threat is and how to solve it.
- VMDR vulnerability database updated per scan, shows each vulnerability for assets you control, when first detected and when last detected.
Cloud Agent
- Set up with tags specific to your Business Unit and Asset Group; it can also have parent/child tags set.
- The Agent is a lightweight, background application that does not impact the performance of the machine and sends periodic information on the machine to the Qualys cloud platform.
- Example: This information includes but is not limited to: IP address, Last User Login, Location, OS, device’s open ports, installed software and its versions, vulnerabilities.
- Cloud Agent Vulnerability information can be included in a report.
- Clicking on vulnerabilities takes you to a detailed view of the vulnerabilities present, similar to the data from a report, and gives detailed information on the vulnerability including the QID (Qualys version of a CVE).
- 50 licenses per unit to start, with more possible with discussion on purchasing them for the unit.
Learn more about Cloud Agent.
Global IT Asset Inventory
- The dashboard is similar to VMDR but can be configured with different data, including custom searches of assets.
- The inventory shows the full list of assets you control and can be filtered through various means, including operating system, asset tags, and hardware.
- Tags allow you to view and manage asset inventory tags as well as quickly search for assets designated by that tag.
Threat Protection
Once you have your unit scanned, you will likely find what seems like an overwhelming number of vulnerabilities to patch. Threat Protect can help you prioritize your efforts.
If there are 100 severity 5 vulnerabilities on 50 machines, you may find that 20% are considered easy to utilize in an attack scenario. That 20% are the ones you would concentrate on first.
- Dashboard similar to what we have seen but customizable, the focus is on specific vulnerabilities and a widget can be easily set up from an alert in the Live Feed.
- Live feed is a constantly updated database of articles written by Qualys about the latest vulnerabilities at all risk levels this information also tracks the assets you own that are affected by the vulnerability. These articles include CVEs and QIDs.
- Assets is another way to search your owned assets, similar to the search for Global IT Asset Inventory but with fewer search options, the emphasis is on searching vulnerabilities and seeing the assets affected by them.
Learn more about Qualys Threat Protection.