• How to write a Groovy scriptlet for asset tagging

    Read first, important This documents how to create a Groovy scriptlet. I recommend using only if you are confident of all of the following: Understand the load/strain tagging puts on the platform. Understand the cod...
    Parag Baxi
    last modified by Nick Williams
  • Dashboards and Reporting Resources - Start Here

    Welcome to Dashboards and Reporting   Welcome to our Dashboards and Reporting space.  Here we will begin to collaboratively and constructively collect relevant legacy ...
    DMFezzaReed
    last modified by DMFezzaReed
  • Dashboard Toolbox - New Vulnerability Management (VM) Dashboard BETA

    The New Vulnerability Management (VM) Dashboard BETA program is not intended for production use, and its content is subject to modification without notice.  If you have any questions regarding its conte...
    DMFezzaReed
    last modified by DMFezzaReed
  • Customizing the "Core" Detection Scope

    Some customers have asked how to customize the Core detection scope in WAS (e.g., remove certain QIDs or add others).  Currently the best way to accomplish this is to use "Custom Search Lists" detection scope as ...
    Dave Ferguson
    last modified by Dave Ferguson
  • Dashboard Toolbox - VM DASHBOARD: Top 10 Vulnerabilities Scorecard v2

    This page contains information to create a Top 10 Vulnerabilities Scorecard v2 dashboard leveraging data in your Qualys Vulnerability Management subscription.    Apr 01, 2020: In preparation for GA rel...
    DMFezzaReed
    last modified by DMFezzaReed
  • Dashboard Toolbox - VM DASHBOARD: QLYS - TTL Closed (FIXED or IGNORED) Scorecard v2

    This page contains information to create a QLYS - TTL Closed (FIXED or IGNORED) Scorecard v2 dashboard leveraging data in your Qualys Vulnerability Management subscription.    Unremediated (or OPEN) equ...
    DMFezzaReed
    last modified by DMFezzaReed
  • Dashboard Toolbox - VM DASHBOARD: Total Unremediated (OPEN) Scorecard v2

    This page contains information to create a Total Unremediated (OPEN) Scorecard BETA dashboard leveraging data in your Qualys Vulnerability Management subscription.    Unremediated (or OPEN) equates to s...
    DMFezzaReed
    last modified by DMFezzaReed
  • Qualys integration with AWS Security Hub

    Introduction Customers can now access Qualys vulnerability and policy compliance findings in the Amazon Web Services (AWS) Security Hub. This will help them prioritize risks and automate remediation using na...
    Hari Srinivasan
    last modified by Santosh Mukkawar
  • Dashboard Toolbox - VM DASHBOARD: Scorecard Dashboard v2

    This page contains information to create a Scorecard dashboard leveraging data in your Qualys Vulnerability Management subscription.   Apr 01, 2020: In preparation for GA release, this dashboard ha...
    DMFezzaReed
    last modified by DMFezzaReed
  • Dashboard Toolbox - VM DASHBOARD BETA: Mapping of VM Search List Criteria to VM Dashboard Tokens v2

    Over time, the most common question I hear on support calls is a request to convert batch reports to dashboards.  In the hopes of addressing this, please find an example use case and supporting images below ...
    DMFezzaReed
    last modified by Robert Dell'Immagine
  • Asset Tagging API Examples

    Was helping a customer tonight with some Tagging API calls.  Sharing back for future reference. Another good page wrt tagging is Asset Tags: Are You Getting The Best Value?    Creating Tags with th...
    Jeff Leggett
    last modified by Jeff Leggett
  • Dashboard Toolbox - VM DASHBOARD BETA: Google Chrome Prior to Release Vulns

    Dashboard Toolbox - VM DASHBOARD BETA: Google Chrome Prior to Release Vulns  This page contains information to create a Google Chrome Prior to Release Vulns VM Dashboard leveraging data in your Qualys V...
    DMFezzaReed
    last modified by DMFezzaReed
  • Web Shell Detection in WAS

    Recently, the WAS scan engine began testing for the presence of known web shells via QID 150239.  This QID is included in Core detection scope and is rated by Qualys as severity 5 (highest severity).  If a w...
    Dave Ferguson
    last modified by Dave Ferguson
  • API Testing with Postman Collections

    This article describes how to set up vulnerability scanning of your API using Qualys WAS with a Postman Collection.  Initial support for Postman Collections in WAS was released in October 2019.   Postman Col...
    Ed Arnold
    last modified by Ed Arnold
  • BrowserCheck FAQ

    About Qualys BrowserCheck  The threat of browser-based data breaches is growing. The number of vulnerabilities in browser plugins is on the rise. Now is the time to be proactive about the security of your web br...
    bharfoush
    last modified by Robert Dell'Immagine
  • SAML 2.0 Integration Request Form

    If you are requesting to enable SAML 2.0 integration on your account please complete this form when submitting your request.
    jgazman
    last modified by Calab Kodmal
  • Dashboard Toolbox - VM DASHBOARD: QID: 91617 | Microsoft Windows Adobe Type Manager Library Remote Code Execution Vulnerability (ADV200006) (Zero Day)

    This page contains template information to create a Vulnerabilities Dashboard leveraging data in Qualys Vulnerability Management subscription.    QID 91617  – Microsoft Windows Adobe Type Mana...
    DMFezzaReed
    last modified by DMFezzaReed
  • Troubleshooting Qualys API

    This document is intended to help customers isolate API issues and provide sufficient evidence to Qualys Support for quick resolution.  The API examples are from the Host List Detection; however, other API endpoi...
    Spencer Brown
    last modified by Spencer Brown
  • API Testing with Swagger 2.0

    The Qualys Web Application Scanning module allows users to scan APIs in addition to traditional web applications.  This article will examine testing an API that adheres to the OpenAPI Specification through the us...
    John Delaroderie
    last modified by John Delaroderie
  • New QID for vulnerability in Telerik UI for ASP.NET AJAX

    A new detection in Qualys WAS has been released to detect an unrestricted file upload vulnerability in Telerik UI for ASP.NET AJAX.  The flaw consists of weakly-encrypted data that is used by RadAsyncUpload. ...
    Dave Ferguson
    last modified by Dave Ferguson