• Lack of EC2 connector for public IPs provisioned by NAT gateway services

    According to Qualys support, the current EC2 connector does not identify public IPs that are provisioned via the NAT gateway services.  Page 23 of the referenced document indicates that the APIs that are used by ...
    last modified by Chalky_White
  • Corretto and Java vulnerability detections

    We have a AWS based back-end,  mostly running NIX operating systems.    We recently migrated over 1K JAVA instances to Corretto and were pleasantly surprised to see thousands of JAVA vulnerabilities dis...
    Grant Johnson
    last modified by Grant Johnson
  • Service Now and Qualys feedback

    Qualys Community,   I have heard within my organization about Service Now maybe coming in the next year or so.  I would like for the vulnerability management team to get in on the ground floor.  I woul...
    Rusty Qualyz
    created by Rusty Qualyz
  • New Detections for CVE-2019-14287

    QID 197665 : Ubuntu Security Notification for Sudo Vulnerability (USN-4154-1) QID 177379 : Debian Security Update for sudo (DSA 4543-1)   Status: Released in VULNSIGS-2.4.725-2 Note: More QIDs to follow as ven...
    Robert Dell'Immagine
    last modified by Robert Dell'Immagine
  • Dashboards for Measuring Patching Operations

    Qualys is great for identifying vulnerabilities and creating lists of them, as well as subdividing them into different groups using tags, sub-dashboards, etc..   But how well does it do for reporting on the fixi...
    John Sponheimer
    last modified by John Sponheimer
  • Asset Group and Adding Bulk of IP address and IP ranges

    Hi All,   Need your help and suggestion for creating bulk of asset group with IP address and IP ranges in Qualys platform using python script. Thanks in Advance!!! 
    Saviour Hack
    last modified by Saviour Hack
  • Filtering API results on AWS account ID?

    Hi all,   I wanted to know if it's possible to filter the API results by certain AWS account numbers. I'm specifically referring to the Cloud Agent API.   I need to pull a subset of my data based on accoun...
    Garrett G.
    last modified by Garrett G.
  • Regex Value to match Unknown-Unauthenticated Windows Devices

    I'm trying to create a tag to match the following Windows Unknown (Unauthenticated) devices:   Windows 2008 R2 / Windows 7 behind NetScaler Windows Vista / Windows 2008 / Windows 7 / Windows 2012 Windows 2003 / ...
    Wade Alexandro
    last modified by Wade Alexandro
  • Windows Store Apps - outdated / possible Vulnerabilities

    I'm not seeing findings on windows store apps or the ones that are outdated and need an update. Reason for this is that  our company locks down the windows store, but in some exemptions they do allow for a quick ...
    last modified by ahamm
  • Groovy syntax results for dates

    Good Day !    I am looking to build various tags based on the QID 90924 Microsoft Windows Last Reboot Date and Time However I have not been successful in finding guidance on the groovy syntax.  &...
    Kevin Ryan
    last modified by Kevin Ryan
  • API Gateway - Application API Docs (Swagger)

    Module Version API Gateway Documentation FIM 1 https://gateway.qg1.apps.qualys.com/apidocs/fim/v1   FIM 2 https://gateway.qg1.apps.qualys.com/apidocs/fim/v2 ITAM/AI 1 https://gateway.qg1.apps.qualys.com/apid...
    Laura Seletos
    last modified by Laura Seletos
  • Finding out legacy TLS v1.0

    I need to find out whether a given website still supports TLS v1.0 and tried customizing the default "Core" detection scope in WAS by adding a  "Custom Search Lists".   Unfortunately while adding ...
    Luca Gualteri
    last modified by Luca Gualteri
  • One Asset Owner or NOT

    Hello Qualys Community,   I have a philosophical question/discussion on how Qualys customers assign out vulnerabilities to remediation teams:   Do companies have 1 asset owner and that team gets all the vu...
    Rusty Qualyz
    created by Rusty Qualyz
  • False positive on Perl install - CVE-2001-0815

    I believe I have a false positive hitting on my vulnerability scan of a Windows 2016 server..  I don't have Perl installed. I can't find the perlIS.dll anywhere on the server. I don't see any ISAPI extension...
    Jay Griffin
    created by Jay Griffin
  • QID To retrieve Ticket State

    Hi Community   I was wondering if you anyone can tell me if there is a QID for the Ticket State column as returned in a scan report ? I am trying to tag assets with a ticket state of "Closed/Ignored" s...
    Michael Fennell
    last modified by Michael Fennell
  • Qualys WAS selenium crawl script failure through API

    Hi there, I'm trying to send Selenium Script while adding application, using the <crawlScripts> tag as mentioned in the documentation but I'm hitting the error - Invalid XML format: The processing instruct...
    Ritik Saxena
    last modified by Ritik Saxena
  • Why "Last Detection" date of vulnerability is not updated when a new report is generated?

    I ran a new full report but a lot of vulnerabilities did not updated the "last detection" timestamp, but they still appear with an old timestamp, some appears with the actual date. Why is that? How Qualys handle with...
    Guilherme Queiroz
    last modified by Guilherme Queiroz
  • AssetGroups not updating

    Hi guys,           Anyone facing the following error while updating a AssetGroup?   An error has occurred and the Qualys Service cannot process your request. If this condition continues,...
    last modified by mrmime988
  • Filtered port scanning

    If the port on the host is filtered, does the qualys scan try to get information of the port by continuously hitting.
    Amit Chawat
    created by Amit Chawat
  • Unable to update dst through Schedule Scan API

    Hi,   I am trying to update our scheduled scan times to accept dst but I seem to be getting the following error: "This is not a valid scanner appliance set". Error code 1904   These are the parameters are...
    Rohil S
    created by Rohil S