Ad
related to: is qualys scanning and reporting the same thing to beBring your data to life with stunning visualizations using Venngage's custom charts! No design skills needed—start with a professional template to create standout reports.
Search results
Dec 7, 2018 · Reporting routine should coincide with scanning routine - if you scan weekly, report weekly. . Maintain a consistent reporting structure over time for improved trending results. . Reports always collect the most recent scan results; therefore, purging outdated (obsolete) host scan results data is critical.
- Recommendations
- What You Can Report on
- How Often You Should Create Reports
- Report Email Notifications
- Scan Settings and Their Impact
- Tell Me About The Various Reports
- Which IPS Can I Report on?
- What Are Asset Groups?
- What Are Asset tags?
- Including The Latest Compliance Data
We recommend you start small, maybe scan and report on one or two IPs. Review the reports, fix the vulnerabilities found, re-scan the IPs to verify your fixes, and rerun your reports. Once you have this process down you'll feel more comfortable scanning larger sets of IPs.
The simple answer to what to report on is this: any IP in your account that has been scanned for compliance. IPs may include any devices on your network: routers, switches, hubs, firewalls, servers (all common operating systems), workstations, databases, desktop computers, printers, and wireless access devices.
We recommend you schedule your scans to run automatically (daily, weekly, monthly) and create reports with at least the same frequency. That way you'll always have the current compliance status for your hosts. You can even set up report schedules so your reports are launched automatically (daily, weekly, monthly).
You can choose to be notified via email each time a report completes. The email gives you a summary of the results and a secure link to the report. Select User Profile below your user name, go to the Options section and select Report Notification. You'll notice additional email notifications you can opt in to.
The scan settings you choose at scan time impact how we conduct scans. Once scan results are processed we save the compliance data per host - this makes it possible for us to include the latest compliance data in your reports. Keep in mind your reports will include the most recent compliance data stored for each host. Tip: We recommend you use cons...
Check out: Policy Report | Policy Summary | Compliance Scorecard Report | Individual Host Report | Control Pass/Fail Report | Authentication Report | Mandate Based Report
Go to Assets > Host Assets to see the IPs you can scan and report on. If the IPs you want to report on are not listed then add them (or have your manager add them and assign them to you) and then scan them. One way you can tell if an IP address has been scanned is to do an asset search. Go to Assets > Asset Search, enter the IP and click Search. Yo...
Asset groups are user-defined groupings of host assets (IP addresses). You can group hosts by importance, priority, location, ownership, or any other method that makes sense for your organization. When you report on an asset group, only the hosts in the group are included. This allows you to limit the scope of your reports to a particular group of ...
Asset tagging is another method for organizing and tracking the assets in your account. You can assign tags to your host assets. Then when launching scans and reports you can select tags associated with the hosts. This dynamic approach is a great way to ensure you include all hosts that match certain criteria, even if your network is constantly cha...
Your scan(s) must be complete. You'll know this when the scan status shows "Finished" on the scans list. Scan results must be ready. We'll merge (process) your scan results into your account after the scans finish. Watch for the solid green circle next to your scans in the scans list to know whether the scan results are processed. Then you're ready...
Tell me about Business risk. We'll show a business risk rating for asset groups in your scan reports. You'll need to create a scan report that: 1) is template based (go to Reports > New > Scan Report > Template Based), 2) has asset groups selected for the report target, 3) scan results selection is set to Status or Status and Trend, and 4) detailed results are sorted by asset group.
We'll show a security risk score for the overall report (in the report summary) and per host (in the detailed results). Your scan report must: 1) be template based (Executive Report, High Severity Report, Technical Report, or another report based on a scan report template), and 2) select host based findings (instead of scan based findings).
For example, if you perform a vulnerability scan and a compliance scan on the same target host, then the remaining scans count is decreased by 2 scans. Note that only hosts that are "alive" at the time of the scan will be counted, and subsequently subtracted from the number of scans remaining in your account.
About Reporting for Scans. Each time you run a scan on your network, detailed scan results are saved on the scan history list (select Scan on the left menu). Run scan reports to analyze scan results and report on scan data. You can run template based scan reports and scorecard reports. Scan Reports: Template Based
People also ask
Should a scan report be weekly or weekly?
What happens if I perform a vulnerability scan and a compliance scan?
Can I create a scan report if I delete scans?
Does Qualys provide APIs for large data exports?
Is Qualys UI reporting suitable for large scale data exports?
How can Qualys impact the success rate of report generation?
The Qualys Platform automatically creates matching Asset Tags for each Asset Group added to your account. You’ll find your matching Asset Tags in the AssetView application (embedded within the “Asset Groups” hierarchy). Trusted Scanning Qualys recommends performing vulnerability scans in “authenticated” mode or what we