Qualys – Vulnerability Management Notes

Vulnerability Management

 

A tool to manage and mitigate vulnerabilities.

My training session covered how to:
1. Scan the Network
2. Manage Host Assets
3. Report on Scans
4. Manage User Accounts
5. Remediate Risk

Things to know :

  • IP ranges of your networks.
  • IP address’s assigned to your Qualys scanners

Vulnerabilities and Scans

  • You can import vulnerability libraries
  • You can run authenticated scans / trusted scans

Ratings and Severities
After a scan has been run:

  • Vulnerability Ratings are Red, Yellow and Blue
  • Severity levels are graded 1-5

Assets

  • Group Assets – Note Nested groups isn’t supported
  • Set a business impact attribute to calculate business risk
  • Tag & child tags to your assets which will allow you to create and Operating System Hierarchy

Reporting

  • Create template based reports
  • Create tickets based on the report outputs

User Management

  • Roles – Scanner, Manager, Unit Manager, Auditor, Reader, Remediation User, Contact
  • Role – Allow access to GUI & API option

Remediation

  • Assign tasks to users