• Vulnerability Scan Consumes All Server Memory

    Hello,   Does anyone have troubleshooting experience with a vulnerability scan maxing out a server's memory? It doesn't appear to be happening during every scan, but occurs frequently. I am not 100% sure that Qu...
    last modified by putter101
  • How to ensure the servers/assets are patched and up to date?

    How to ensure the servers/assets are patched and up to date?On what criteria we can verify it along with vulnerability scans?
    Preethi R
    last modified by Preethi R
  • Why "Last Detection" date of vulnerability is not updated when a new report is generated?

    I ran a new full report but a lot of vulnerabilities did not updated the "last detection" timestamp, but they still appear with an old timestamp, some appears with the actual date. Why is that? How Qualys handle with...
    Guilherme Queiroz
    last modified by Guilherme Queiroz
  • TLS Padding Oracle Vulnerability (Zombie POODLE and GOLDENDOODLE) issue

    Hi,   I got vulnerability "TLS Padding Oracle Vulnerability (Zombie POODLE and GOLDENDOODLE)" ona scan I ran on 25th October 2019   QID: 38764 Category: General remote services CVE ID: CVE-2019-1559 Vendor...
  • UDP/TCP Source Port Pass Firewall Vulnerabilities for Quantum Scalar i6000

    Hello, Please help me to remediate these vulnerabilities:   Vulnerability : TCP Source Port Pass Firewall Solution : Make sure that all your filtering rules are correct and strict enough. If the firewall inten...
    Tarik DAKIR
    last modified by Tarik DAKIR
  • Tag to detect Cloud Agent version

    I'm trying to add a tag to all my assets running "old" Cloud Agent versions - presently, that would be all Windows agents before, Linux agents before, and Mac agents before I can easily do...
    Matthew Verive
    created by Matthew Verive
  • Qualys agent installation on RHEL 5.11(Tikanga)

    Hi Guys, We have user who is trying to install Qualys cloud agent on Red Hat Enterprise Linux Server release 5.11 (Tikanga), but it was not complete as it is not reporting in Qualys console. Upon checking the lo...
    Preethi R
    last modified by Preethi R
  • Oracle WebLogic Server Multiple Vulnerabilities (CPUAPR2018) detected by Qualys even after applying the patch

    Hi, we have installed patch for Oracle WebLogic Server Multiple Vulnerabilities (CPUAPR2018) on our server six month back itself and now for Oracle WebLogic Server Multiple Vulnerabilities (CPUAPR2019), we ...
    Preethi R
    last modified by Preethi R
  • Anyone use Tableau?

    Hello Qualys Community,   Does anyone use Tableau for Qualys reporting?  If so:   How do you like it? What do you report on? Can you pull Qualys data into Tableau through the API?   An...
    Rusty Qualyz
    last modified by Rusty Qualyz
  • Show only remote vulnerabilities

    Hi,   With in one of my dashboards I have a widget that currently shows all external/public facing assets and vulnerabilities associated with them. I'm wondering if its possible to only show the vulnerabilities ...
    Fabio Migali
    last modified by Fabio Migali
  • Corretto and Java vulnerability detections

    We have a AWS based back-end,  mostly running NIX operating systems.    We recently migrated over 1K JAVA instances to Corretto and were pleasantly surprised to see thousands of JAVA vulnerabilities dis...
    Grant Johnson
    last modified by Grant Johnson
  • ServiceNow and Qualys feedback

    Qualys Community,   I have heard within my organization about Service Now maybe coming in the next year or so.  I would like for the vulnerability management team to get in on the ground floor.  I woul...
    Rusty Qualyz
    last modified by Rusty Qualyz
  • New Detections for CVE-2019-14287

    QID 197665 : Ubuntu Security Notification for Sudo Vulnerability (USN-4154-1) QID 177379 : Debian Security Update for sudo (DSA 4543-1)   Status: Released in VULNSIGS-2.4.725-2 Note: More QIDs to follow as ven...
    Robert Dell'Immagine
    last modified by Robert Dell'Immagine
  • Dashboards for Measuring Patching Operations

    Qualys is great for identifying vulnerabilities and creating lists of them, as well as subdividing them into different groups using tags, sub-dashboards, etc..   But how well does it do for reporting on the fixi...
    John Sponheimer
    last modified by John Sponheimer
  • Windows Store Apps - outdated / possible Vulnerabilities

    I'm not seeing findings on windows store apps or the ones that are outdated and need an update. Reason for this is that  our company locks down the windows store, but in some exemptions they do allow for a quick ...
    last modified by ahamm
  • One Asset Owner or NOT

    Hello Qualys Community,   I have a philosophical question/discussion on how Qualys customers assign out vulnerabilities to remediation teams:   Do companies have 1 asset owner and that team gets all the vu...
    Rusty Qualyz
    created by Rusty Qualyz
  • False positive on Perl install - CVE-2001-0815

    I believe I have a false positive hitting on my vulnerability scan of a Windows 2016 server..  I don't have Perl installed. I can't find the perlIS.dll anywhere on the server. I don't see any ISAPI extension...
    Jay Griffin
    created by Jay Griffin
  • QID To retrieve Ticket State

    Hi Community   I was wondering if you anyone can tell me if there is a QID for the Ticket State column as returned in a scan report ? I am trying to tag assets with a ticket state of "Closed/Ignored" s...
    Michael Fennell
    last modified by Michael Fennell
  • AssetGroups not updating

    Hi guys,           Anyone facing the following error while updating a AssetGroup?   An error has occurred and the Qualys Service cannot process your request. If this condition continues,...
    last modified by mrmime988
  • Unable to update dst through Schedule Scan API

    Hi,   I am trying to update our scheduled scan times to accept dst but I seem to be getting the following error: "This is not a valid scanner appliance set". Error code 1904   These are the parameters are...
    Rohil S
    created by Rohil S