I have three scanners in a group doing a large scan. The same scanner appliance in both scans is showing zero IPs scanned and its at 12% availability. Anyone ever have something like this where the scanner ha... All, I am just looking for a ballpark here. Anyone have a rough estimate on how long from the release of the Microsoft Patch Tuesday patch release till usable QIDs are available for usage in scanning? ... I'm running a test web server on a machine. I thought the config file was secure but Qualys scan says otherwise, gives me a level 4 vulnerability because the config file is not hidden or secured. I'm not sure if it's ... I am new with the Qualys, can some one help me to generate two vulnerability reports, one with Severity 5 and other with Severity 4? Although, I have tried to customize the report template but unable to find a... Hi there, I'm trying to get a deep-dive auth report into the state of play with our Filer environment, and struggling with auth records. Our Storage team have given us access through an AD accoun... Hey all...I have been playing in the Beta VM Dashboard and it has some better features...the question is...how do I get that data out to excel. Anyone have any comments on it yet? No export to CVS feature ... Is there any difference between which vulnerabilities that are discovered by a Qualys Cloud Agent and a Qualys Authenticated Scan? Or will they find the exact same vulnerabilities? Does anyone else use SNMPv3 to aid Qualys OS detection? If so, how does your organization respond to the lack of AES256 encryption support, and the lack of SHA2 hashing support, in Qualys Authentication records? When scanning Windows workstations, which is more resource intensive to the target device, a scan using a dissolvable agent or a scan using a traditional Windows authentication record with remote registry services ena... Hi All, Thought I would raise a finding here which I feel is questionable. Interested to hear other viewpoints. This is regarding the recent MS Vulnerability, CryptAPI. The CVE reference is 2020-0601. ... Hi, Please help to understand. Mentioned QID is reported as a reference of CVE-2007-6750. In Results I see: QID: 86847 detected on port 443 over TCP - Apache 2.2.3# But I'm running Apache 2.4.29 ... We are looking for best practices to create an option profile for external scanning. We have been using the PCI Option profile but it is limited and not user configurable. The external scans will be unauthenticat... I'm curious what some of you do for scanning workstations in large environemnts? (ie: >1000 Workstations) Do you scan a sample subset of workstations for vulnerabilities? Do you scan every single PC? I can't seem... Hello all, I am having some issues trying to figure out what we need to do about this vulnerability that is showing up for printers... There are patches and registry hacks to get it remediated for serv... Looking to improve overall security monitoring. We use Virtual Appliances, all are at current configurations. Qualys released a new QID last week, QID 91566, for an HTTP/2 Denial of Service vulnerability. It appears this is the latest vulnerability addressed by Microsoft that requires both a patch and a registry key to be dep... Hi Guys, I have disabled all weak ciphers on a windwos 2012 rserver and has 2016 SQL installed. 1 application on the workstation is connecting to the DB on server. We found out that if this registry key is de... Folks, We have a lot of Cisco Devices running a fairly recent code (Nexus, IOS, Catalyst). Our Qualys network vulnerability scanner is complaining about deprecated... Hello all, I am looking for a way to change the severity of vulnerability based on the operating system. The use case is for a vulnerability that requires local access to exploit, i.e. Meltdown/Spectre. A... Hi all - ETA on QID for CryptoAPI?