• Anyone find slowness in the UI, Scans, Reporting or API this morning?

    Good morning Community,   Just checking in to find out if anyone else had any issues like slow scans, UI, reporting or API?  We are experiencing all three.  We are on POD2.   I know Qualys did so...
    Rusty Qualyz
    created by Rusty Qualyz
  • Enabling strong cipher suites in Windows Server 2008 R2 and 2012 R2

    Hi All, I have got the above weak cipher suites in the SSL Lab report.   Below the existing cipher suites mapped on the server: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_...
    Srikumar Mohanram
    last modified by Srikumar Mohanram
  • Emergency Qualys Portal Upgrades?

    Hi Friends: I've noticed a flurry of recent activity in Qualys' change controls. On March 10th, I saw [Scheduled] US Platform 2: Qualys Suite PORTAL Release Notification (CMB-65395). Today, March 16th...
    Tef Gardener
    last modified by Tef Gardener
  • Issues with authenticated scans on Windows Servers

    Hello.   We are currently using Qualys Virtual Scanner Appliance and we struggle to get consistent results on part of the scanned Windows Servers.   Setup : authenticated scan, complete vulnerability...
    Rafal Gonzalez
    last modified by Rafal Gonzalez
  • HSTS not recognized by SSL Labs scan when browsing through WAF

    I'm having a very weird issue. I have a WAF that sits in front of some portals (Citrix Netscalers) that my users use to gain access to their office computers and sits in front of some web servers (IIS and Apache)....
    Joe Gruppuso
    last modified by Joe Gruppuso
  • QID to Indicate Desktop or Server OS?

    Does Qualys have a QID that indicates if an operating system is a server OS or a desktop OS for Windows and *nix, so that you don't have to use regular expressions to determine this information?   Than...
    John Malon
    last modified by John Malon
  • End of Support & End of Life details for the below

    QualysGuard Virtual Scanner Appliance- version 2.4.26-11     Regards, Ravi  
    ravi kiran
    last modified by ravi kiran
  • Dynamic Tagging

    I am starting to use Dynamic tagging and understand the following: IP Address in Range, IP Address in Range + Networks. But I would like to create a tag based on some of the fields used within Qualys. So for an e...
    Richard Neerhout
    last modified by Richard Neerhout
  • MS SQL Authentication Error 18452 (Policy Compliance)

    I am attempting to authenticate to a SQL database in our environment using AD credentials. We have ensured the account has the necessary permissions to the database however we we attempt authentication we receive an a...
    Brandon Black
    last modified by Brandon Black
  • Is there a way to do dynamic Asset groups for Authentication?

    I'm setting up authentication records and want to be able to have the records tied to devices that are in a dhcp environment.  I see there is an option to add asset groups to the authentication records, but not a...
    Megan Fairchild
    created by Megan Fairchild
  • Pagination problem, limited records

    I would like to ask a question about limitation of records (Global IT Asset Inventory API), I want to list host details for specific fields , with the help of this API documentation : https://www.qualys.com/docs/...
    last modified by ZELIANG YAO
  • API: Edit asset group to remove bulk IPs

    I am trying to remove a large number of IP addresses from several asset groups so I would like to use an xml file to feed the list of IP addresses. I have used the command curl -u "username:password" -H "X-Reque...
    Ricardo Gomez
    created by Ricardo Gomez
  • Trouble with intermediate certificate "Chain Issues: Incomplete"

    I am struggling with getting my intermediate certificate set up.  Everything is fine in ordinary web browsers.  But SSLLABS and Facebook both seem to have trouble with the intermediate.   SSL Server Te...
    Amanda Chaudhary
    last modified by Amanda Chaudhary
  • WAS and Security Questions

    We have an application we need to scan but it has security questions required for authentication. Can WAS work with security questions?
    Richard Feldmann
    last modified by Richard Feldmann
  • API Query To Retrieve CVEs

    Is there an API(s) that will enable me to get the CVEs associated with a QID or a list of QIDs? I tried using the following API call(s) but the query didn't return the CVEs associated with the ids. Below is the q...
    Boston Cooper
    created by Boston Cooper
  • How do I Log Into Asset Management API with Azure Automation?

    I'm trying to use Azure Automation to log into the Asset Management API with Azure Automation. I have an asset tag in Qualys that grabs all assets that have not been seen in a VM scan for over 14 days. I'm trying...
    Joey Odell
    last modified by Joey Odell
  • Dropbear SSH Multiple Security Vulnerabilities

    I have a vulnerability for QID 38670, "Dropbear SSH Multiple Security Vulnerabilities" on a Network Attached Storage unit. I have spent the last hour trying to find the CVE number and instructions on how to mitigate t...
    David Livelsberger
    last modified by David Livelsberger
  • TLS CBC Incorrect Padding Abuse Vulnerability

    CVE-2014-8730 and CVE-2015-3624 vulnerabilities have frequently appeared in Qualys recently. These vulnerabilities are related to TLS CBC Incorrect Padding Abuse in Netcaler, but I found that the result of Qualys...
    Mark Wang
    created by Mark Wang
  • How can I have create a dashboard for Closed/Ignored Vulnerabilities?

    Hello,   I am looking to show a dashboard for the following:   All the Closed/Ignored vulnerabilities (total number) Closed/Ignored vulnerabilities by team (either tag or asset group) How many Closed/Ign...
    Rusty Qualyz
    last modified by Rusty Qualyz
  • Dashboard Widgets - Colour by percentage

    Vulnerability Management (or AssetView) Dashboard - Is it possible to colour code widgets based on percentage?   If so, how can you do it. When I look at the widget preferences, I only have when the value is gre...
    Michael Fowler
    last modified by Michael Fowler