• PCI fail: SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)

    I've been in IT for a while, but I'm fairly new to PCI compliance.   One of the errors my scan is failing  on is: SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)    The server seem...
    Michael Ward
    last modified by Michael Ward
  • Dashboards and Reporting Resources - Start Here

    Welcome to Dashboards and Reporting   Welcome to our Dashboards and Reporting space.  Here we will begin to collaboratively and constructively collect relevant legacy ...
    last modified by DMFezzaReed
  • PC API query for compliance posture is not returning results for the last 2 days

    Hi   We had a working query and out of the sudden, it is not working anymore. And I have no idea what is the problem with it. This for the policy compliance posture.  Original query:   curl -u "Usern...
    Attila Horvath
    last modified by Attila Horvath
  • PCI 4.0 Draft

    The PCI 4.0 draft appears to only be available to certain groups through PCI SSC. As an ASV would Qualys be able to share a draft so that we could see what might be in the next revision?
    Micheal Stephenson
    last modified by Micheal Stephenson
  • Product Feature Requests

    What is a Feature Request? A Feature Request is any suggestion for an enhancement to Qualys software. Feature Requests are not a contractual obligation for Qualys to develop the suggestion or to develop the request as...
    last modified by Robert Dell'Immagine
  • Service Accounts Expiry

    Hi   I want to know as we have reset our few Environment's "service account" password's in Qualys and replicated this on AWS But our scans are still failing due to these password changes.   Is there any ot...
    Gaz H
    last modified by Gaz H
  • Qualys picking up previous kernel version?

    Hi A quick question to confirm: I want to know that we have ran scan's based on ALL EC2 instances, when ever we are patching the Environment's whether this is DEV/SIT/TEST etc...   However, once all these been ...
    Gaz H
    last modified by Gaz H
  • External Scans versus Dynamic IP

    Hi,   I'm consulting with a client who is using Qualys to perform external vulnerability scans.  The issue is they have dynamic IP so entering IP for the scans is problematic.     Would inst...
    Eric Beaumier
    last modified by Eric Beaumier
  • Qualys API Call

    Hi   I wanted to know how can we see an "API" instance call made in the background in a test environment, with instance ID etc...How can we see this on Qualys cloud platform console? Is this a possibility, of se...
    Gaz H
    last modified by Gaz H
  • How can i see qualys PCI support???

    I got answer False Positive Comment   False Positive request rejected. Please see Qualys PCI support case#691243. Kindly resubmit false positive request with additional information   how can i see qua...
    created by YEONGSEOP BYEON
  • Qualys Cloud Suite Password Parameters and Defaults in Release 8.16

    Qualys Cloud Platform Release 8.16 includes New Password Security Options   We’ve added several new password security options to enforce a strong password policy when logging into your Qualys subscript...
    last modified by DMFezzaReed
  • Trying to Search QIDs

    I am trying to get to the window where i can search QIDs.  I have a username and pw but it will not let me access the page.   QID 38738
    Kevin Beasley
    last modified by Kevin Beasley
  • How to get a PCI Report Certified by Qualys

    What are the steps needed to get a PCI report certified by Qualys?
    Sam Friday
    last modified by Sam Friday
  • Dashboard Toolbox - VM DASHBOARD BETA: PCI Compliance Vulnerability Exposure Dashboard

    This page contains information to create a PCI Compliance Vulnerability Exposure Dashboard BETA dashboard leveraging data in your Qualys Vulnerability Management subscription.  This dashboard is part of the ...
    Felix Jimenez
    last modified by Felix Jimenez
  • SSL Labs Tests for URLs with status codes

    Hi,   In order to run SSL Labs test for a url what http status code is considered, is it only 200 or any other status codes?
    Security User
    created by Security User
  • Generating alerts from FIM data

    We are using the Cloud Agents with FIM enabled in our cloud infrastructure as a replacement for AIDE. Is there any way to create alerts based on a set of criteria? We would want either emails to be sent out or possibl...
    Robert Barrow
    last modified by Robert Barrow
  • Version of Qualys

    Hello, How to find the version of Qualys where only PCI Compliance Module is in use? Thanks.
    peipei jin
    last modified by peipei jin
  • CVE-2004-0230- TCP Sequence Number Approximation Based Denial of Service.

    This vulnerability (CVE-2004-0230- TCP Sequence Number Approximation Based Denial of Service) is reported on many windows 2008 servers. As per Microsoft, this is a protocol issue and is fixed since 2005 for for IPv4 a...
    Umesh Hande
    last modified by Umesh Hande
  • PCI External Network Scan vs PCI Web Application Scan

    I could see below description for both PCI External IP scan vs Web Application Scans    PCI External Network Scans The Network section is where you manage your quarterly external network scans, per PCI ...
    last modified by shanmugammanian
  • Deprecated SSH Cryptographic Settings

    Hello, I have received this message as a vulnerability from one of my servers. But I'd like to know which cryptographies are the ones he says are discontinued.
    Eric Barreto
    last modified by Eric Barreto