Body
Overview
This article is a step-by-step guide for creating, running, and scheduling vulnerability scans in Qualys.
Table of Contents
How to set up a Qualys scan
Once you are logged in to the Qualys Dashboard, navigate to the Scans tab located at the top of the page.
From there, select the Scans tab, and click on the box that says “New”
Click the first option in the drop-down “Scan”. This will open a new window.
This is where you will enter all the information to run a scan. To begin you should enter a unique title for your scan. This can simply be the name of the IP or group you are scanning, or something more specific. Make sure this contains either (Internal) or (External) before the title of the scan. This is based on Scanner Appliance you are using which we will go over in more detail below.
Option Profile is a specific set of setting for the scan. We will always be using the Initial Option (default) setting which is already chosen.
Processing Priority is where your scan is placed in line. Typically, you’ll leave this at 0 – No Priority
Scanner Appliance is where you chose the device that will be conducting the scan. For internal servers in Technology Solutions, you’ll pick either Scanner-1 for any IP that begins 128 or Scanner-2 for IPs that begins with 131. For everything else, you’ll choose External, which is a scanner from Qualys outside our networks.
The next section of the screen, "Choose Target Hosts from" is where you pick which hosts are being scanned. This can be done by picking Assets or Tags.
Assets will be either an entire Asset Group or specific IPs and Ranges. You can add an Asset Group from a list of already set up groups of Assets. IPs/Ranges would be to set up a specific IP or several IPs you want to scan, allowing you to zero in for a scan or do a scan on a single IP.
Tags allow you to do a scan over a large variety of assets tagged for inventory management purposes. Here you can see we set up a scan for anything tagged by the Cloud Agent and with the AG-LAS but excluding any assets with BU – Technology Solutions.
Once you’ve set the parameters for your scan, you can click the Notification button to set up whom, if anyone, will be emailed an alert when the scan is finished. After you’ve done that, click Launch.
Now you will see the scan appear on the Scans page, your scan setup window will also become a Scan Status, telling you the status of the scan. It will go from Queued to Running, to Processing, and finally Finished. You can check this either on the Scan Status pop-up screen or by looking at the symbol on the Scans page.
How to Schedule a Qualys Scan
When you first log in to Qualys, navigate to the Scans page and then the Schedules tab.
Once there click on the New drop-down, and click on Schedule Scan.
A new window will pop up, this is where you will input all the details of this schedule's scan.
Begin by adding a unique title for your scheduled scan. This should be a quick identifying explanation of your scan. A weekly scan called “Technology Solutions Email Scan” is much better than “Weekly Scan” which doesn’t tell us much of anything.
Here you will also assign an owner (this should be you or your Unit Manager), choose the Option Profile (this should be left at the default), set a priority (left a 0-No Priority), and choose the scanner appliance the scan will use.
The next tab, "Target Hosts" allows you to set the Asset or Tags you will be scanning. Assets can be set by group or specific IPs and Ranges of IPs. Tags are using tags designed for asset management and even include the ability to add any devices with the Cloud Agent installed.
The next tab "Scheduling" allows you to set the scheduling for your scan. You can set up the start date and time, if you’d like to pause the scan (not recommended), and how often the scan will occur. Most scans are set up late in the night or early in the morning and set weekly or bi-weekly.
The next tab "Notifications" allows you to set up any outgoing notification related to this scan; you can set up a notification to be emailed out to specific recipients up to a week before the scan is set to launch. All you need to do is choose when to send out the notification, the people who will receive the notification, and then the message that will be sent out.
The last tab "Scheduled Status" simply allows you to deactivate the scan and can be toggled off and on.
Once you’ve filled out the forms, you simply need to click Save in the bottom right-hand corner and your scan is scheduled!