• QID: 86847  - Apache Partial HTTP Request Denial of Service Vulnerability

    Hi,   Please help to understand. Mentioned QID is reported as a reference of CVE-2007-6750. In Results I see: QID: 86847 detected on port 443 over TCP - Apache 2.2.3# But I'm running Apache 2.4.29  ...
    Lev Sturmer
    created by Lev Sturmer
  • Is it possible to forward the scan engine OS security logs to Splunk either by being able to install one of our Splunk agents or sending the logs via Syslog

    Looking to improve overall security monitoring.  We use Virtual Appliances, all are at current configurations.
    Daniel Johnson
    created by Daniel Johnson
  • External Scanning Option Profile (Best Practices)

    We are looking for best practices to create an option profile for external scanning. We have been using the PCI Option profile but it is limited and not user configurable. The external scans will be unauthenticat...
    Jon Rhodes
    last modified by Jon Rhodes
  • HTTP/2 DoS - QID 91566

    Qualys released a new QID last week, QID 91566, for an HTTP/2 Denial of Service vulnerability. It appears this is the latest vulnerability addressed by Microsoft that requires both a patch and a registry key to be dep...
    Jordan Greene
    last modified by Jordan Greene
  • 3rd party outdated library detections

    Hi All,   I'm trying to find out if there is a way we can find out outdated or vulnerable 3rd party library vulns??   Any inputs are much appreciated.   Thanks, Akash.
    Akash Singh
    created by Akash Singh
  • Export limit on the AI module?

    Hello Qualys Community,   I tried downloading a list of assets in the AI module and got a message stating there is a limit of 5,000 records.  Is this a temporary limit?
    Rusty Qualyz
    last modified by Rusty Qualyz
  • Are there any dashboards for the AI module dashboard?

    Are there any pre-built dashboards for the AI module?  Does anyone have any dashboards or widgets they would like to share?  We really want to start using this module to align with a possible ServiceNow impl...
    Rusty Qualyz
    created by Rusty Qualyz
  • Dynamic tags based on CVSS Base score ?

    Hi,    We are trying to create a dynamic tags based on CVSS Base score using below query, but its not working as expected.   if(asset.getAssetType()!=Asset.AssetType.HOST) return false; return asset....
    Chandra Sekhar
    created by Chandra Sekhar
  • Best Practice for Workstation Scanning?

    I'm curious what some of you do for scanning workstations in large environemnts? (ie: >1000 Workstations) Do you scan a sample subset of workstations for vulnerabilities? Do you scan every single PC? I can't seem...
    last modified by kelkin
  • Change user account Password using powershell

    I am working on a script to change the password of the local Qualys user account using PowerShell and Qualys API. I am able to use a session-based login and logout as well. But API to change the password is not w...
    Vijayaragavan Subbaraj
    last modified by Vijayaragavan Subbaraj
  • Groovy syntax results for dates

    Good Day !    I am looking to build various tags based on the QID 90924 Microsoft Windows Last Reboot Date and Time However I have not been successful in finding guidance on the groovy syntax.  &...
    Kevin Ryan
    last modified by Kevin Ryan
  • QSC20 London Presentations

    QSC20 London Agenda and Presentation Slides: 16 January 2020  Presentation slides are linked below.   9:15 - 11:00 Keynote: The Evolution of the Qualys Platform: Unveiling the Latest Updates and Next-G...
    Robert Dell'Immagine
    last modified by gautam nandane
  • Some problems about Internationalized domain name

    E.g. xn--fiq7iq58bfy3a8bb.xn--fiqs8s Text is "互联网中心.中国".   Title cannot be displayed in reports.   And during analysis, there is a chance to jump to an analysis page that is not the domain name. xn--...
    Junhui Deng
    last modified by Junhui Deng
  • Qualys Authentication

    I have a few windows servers where authentication is not being attempted.     My question is, at what point does Qualys determine if it’s going to authenticate or not?  I’m not even g...
    Carolyn Spengler
    last modified by Carolyn Spengler
  • CMDB Sync & ServiceNow Table Licensing

    My customer would like to use the CMDB Sync application to update the CMDB in ServiceNow. ServiceNow has implemented a new licensing model where it charges extra for custom tables. The customer is worried about the ...
    Kevin Urbanek
    created by Kevin Urbanek
  • PCI fail: SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)

    I've been in IT for a while, but I'm fairly new to PCI compliance.   One of the errors my scan is failing  on is: SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)    The server seem...
    Michael Ward
    last modified by Michael Ward
  • Feature Request ? Create policy from host vs only one policy

    Hello,   The "create policy from host" feature in Policy Compliance module automatically embeds ALL the controls for a given technology. What I wish is to filter these controls to get a Policy created from the ...
    stan pichon
    created by stan pichon
  • Dashboards and Reporting Resources - Start Here

    Welcome to Dashboards and Reporting   Welcome to our Dashboards and Reporting space.  Here we will begin to collaboratively and constructively collect relevant legacy ...
    last modified by DMFezzaReed
  • Dashboard Toolbox - New Vulnerability Management (VM) Dashboard BETA

    The New Vulnerability Management (VM) Dashboard BETA program is not intended for production use, and its content is subject to modification without notice.  If you have any questions regarding its conte...
    last modified by DMFezzaReed
  • Dashboard Toolbox - VM DASHBOARD BETA: Microsoft 2020 Patch Tuesday (QID Based) VM Dashboard

    Content Added Monthly - Check Back for Updates Dashboard Toolbox - VM DASHBOARD BETA: Microsoft 2020 Patch Tuesday (QID Based) VM Dashboard  This page contains information to create a Microsoft 2020 Patch Tuesda...
    last modified by DMFezzaReed