A tool to manage and mitigate vulnerabilities.
My training session covered how to:
1. Scan the Network
2. Manage Host Assets
3. Report on Scans
4. Manage User Accounts
5. Remediate Risk
Things to know:
- IP ranges of your networks.
- IP addresses assigned to your Qualys scanners
Vulnerabilities and Scans
- You can import vulnerability libraries
- You can run authenticated scans / trusted scans
Ratings and Severities
After a scan has been run:
- Vulnerability Ratings are Red, Yellow and Blue
- Severity levels are graded 1-5
Assets
- Group Assets – note that nested groups are not supported
- Set a business impact attribute to calculate business risk
- Apply tags and child tags to your assets, which allows you to create an operating system hierarchy
Reporting
- Create template-based reports
- Create tickets based on the report outputs
User Management
- Roles – Scanner, Manager, Unit Manager, Auditor, Reader, Remediation User, Contact
- Role – option to allow access to the GUI and API
Remediation
- Assign tasks to users