• HTTP vs HTTPS for a site

    If i configure a site as specifically HTTPS does the scanner check to see if the site also listens on HTTP ?     The same the other way around ?    I'd almost expect the site to scan on HTTP...
    Andrew Craick
    last modified by Andrew Craick
  • Groovy Script to Tag Assets with No Last VM Scan date

    Hi Community Wondering if anyone can help me with groovy script code to tag assets that have the following. - specific asset tag already applied to assets - no lastvmscandate. The asset search query i am using is&...
    Michael Fennell
    last modified by Michael Fennell
  • vulnerability.status question

    It comes in four categories I am posting my assumed thoughts on what they mean, can you confirm or correct me?   Active - Are these ones that still exist, not new...so have existed in more than one scan?  ...
    John Sponheimer
    last modified by John Sponheimer
  • Reporting Question -- csv files

    I'm getting a csv file that is essentially a dump of the vulnerability report.  For some reason, every line is trailed by 6,509 commas.  Can somebody tell me why?  Is there a way to get the report witho...
    Chris Knox
    created by Chris Knox
  • Is anyone else effected by the Software section not being populated?

    Hello Qualys Community,   We are using the Remediation Rules to assign work and part of our rules depends on the Software Section of the QID.  Recently this section is not populated for the following QIDs: ...
    Rusty Qualyz
    last modified by Rusty Qualyz
  • Is there a way to get the last used date for a software installed?

    Hi All,   Is it possible to obtain an indication on the last date of use of the/a software installed on a machine with Cloud Agent? Looking at the option in the Global IT Asset Inventory Module seems that this t...
    created by giacomor
  • Installation Date Qualys Agent

    Good day Qualys Community,   Does anyone knows how to obtain the date when the Qualys agent is installed on a machine? I haven´t figured if this is possible.   Thanks for the support!!
    Mario Camarena
    created by Mario Camarena
  • Website ADA Compliance Checker

    Does Qualys have a ADA Compliance Checker report profile or something that rates how compliant it is with Section 508, the Americans with Disabilities Act (ADA), and the 21st Century Communications and Video...
    Sam Friday
    last modified by Sam Friday
  • Updated Urgent/11 Detection?

    Given the latest information around Urgent/11 from Armis (URGENT/11 Affects Additional RTOSs Highlights Risks on Medical Devices | Armis )(Armis Discovers Expanded Reach of URGENT/11 That Highlights Risk to Medic...
    Robert Sloan
    last modified by Robert Sloan
  • SCA Policies

    On SCA, for each technology there are Level 1, Level 2 and Level 1 + 2 policies. What are the differences between those? On which scan should I use them? Also, all of them are marked as "Scored", what does it me...
    Adrian Prieto
    created by Adrian Prieto
  • WAS Dynamic Tag based on sev 4 or 5 vulns over last 6 months

    Looking in asset search to try and create a query that would allow such a tag i can't see a way to only show assets with  WAS and severity 5 vulnerabilities. The following  ...
    Andrew Craick
    created by Andrew Craick
  • Redirection on a browser tab

    Hello, I have a scan to make on a web application. On one of the links of the first application there is a redirection on a tab. I can not get qualys to scan the second application. Is this a problem due to the open...
    last modified by Cyril GABILLAUD
  • Question about clearing entry

    Can Qualys clear an entry in the SSLLABS test? I added HSTS and I cannot get it to update its scan results. I made the same change to a number of other domains and it the refresh scan detected just fine. It won't upda...
    Robert Glus
    last modified by Robert Glus
  • User creation API Commands

    Good Day    I checked the forum and documentation perhaps I missed it,  However I need to be able to execute the following settings for qualys user creation via API.    Enable SAML  ...
    Kevin Ryan
    created by Kevin Ryan
  • When are dynamic tags applied?

    This is a general question about the behavior of dynamic tagging in AssetView.   We wanted to create a dynamic tag for the presence of a specific QID. This seems like a pretty straightforward process.  &#...
    last modified by mike_l
  • Git client plugin (CVE-2019-10392)

    We've been alerted to a vulnerability CVE-2019-10392 related to the Jenkins Git client  plugin. There is nothing in the qualys knowledgebase about despite the advisory having been released in September 2019. When...
    Fiona Agu
    last modified by Fiona Agu
  • Authenticated Scanning

    Hello,  I'm back again. 1- Can someone explain to me the use of the ''local''  button when creating authentications  records and what makes him different from the ''domain'' section   2- wh...
    Moderan Amoussou
    last modified by Moderan Amoussou
  • Authenticated Windows login

    Hello everyone, I have authenticated scans running windows using domains username and password. The user account is a service account with DA membership. Everytime I run a scan, it fails. When i tried to debug using f...
    sam bhat
    last modified by sam bhat
  • Missing CVE Numbers

    Sometimes i see CVE new Numbers, but they are not in the vulnerabilty detecion adress sample   Multiple Vulnerabilities in HP PrintersMultiple vulnerabilities, ranging Cross-Site Scripting to buffer overflows, we...
    Hans-Juergen Kreutzer
    last modified by Hans-Juergen Kreutzer
  • Qualys Scanner to exclude root login

    Hi Everyone, I am bit new to Qualys and can not figure out why non authenticated scan on VMware for ESXi boxes uses root login attempts on ESXi boxes. I have also used authenticated scan on ESXi boxes, the authentic...
    sam bhat
    last modified by sam bhat