• Securing your network and devices

    Lily and I have been having an interesting conversation about security on another thread.   So I decided to move it out into its own thread.   At home, I have a testing lab.   I use a Fortine...
    Michael McKenney
    created by Michael McKenney
  • Failed to obtain certificate, Cross-signed certificates

    Hello!   SSL Server Test: secure.simplepay.hu (Powered by Qualys SSL Labs)    Could it be that Sectigo's cross-signed certificate causes this problem? Sectigo Knowledge Base    Please advi...
    Viktor Szépe
    created by Viktor Szépe
  • SSLHandshakeException: Failed to negotiate the use of secure renegotiation

    I am using java 1.8.0_191 on my web server, I am writing a code which will call external web service which has following details Secure Renegotiation Not supported   ACTION NEEDED  Secure...
    Nikhil Patil
    last modified by Nikhil Patil
  • OCSP Stapling on SSLLabs reports no

    I just renewed and rekeyed my Godaddy certificates.  I setup OCSP Staping and the test shows NO.    When I test at the server level   echo QUIT | openssl s_client -connect wp.michaelmckenney.co...
    Michael McKenney
    last modified by Michael McKenney
  • Servers that only support TLS 1.3 shouldn't be downgraded

    Servers that support TLS 1.3 and don't support any of the lower versions should not be downgraded to an "A" from an "A+".
    George R
    last modified by George R
  • Scanning in Microsoft Azure using Resource Manager (ARM)

    This document describes briefly how to deploy the Qualys Virtual Scanner Appliance using Microsoft Azure Resource Manager (ARM). This scanner, once deployed, will function as a standard Virtual Scanner and can scan ba...
    George Akimov
    last modified by Qualys Documentation
  • Is authentication for Palo Alto 9 supported?

    This page says support only goes up to version 8: Set Up Palo Alto Networks Firewall Authentication    Is that still the case?   Thanks
    Peter Collins
    created by Peter Collins
  • Dashboards Toolbox: Mapping of Vulnerability Management UI Fields to QQL Token(s)

    Dashboards Toolbox: Mapping of Vulnerability Management UI Fields to QQL Token(s)  Over time, the most common question I hear on support calls is a request to convert batch reports to dashboards.  In the hop...
    last modified by DMFezzaReed
  • SSL Cert/Website

    Guys,   Just to let you know, there seems to be some discrepancy for the results from this website (SSL Server Test (Powered by Qualys SSL Labs).   So I have a Cisco router with ssl vpn, and the results sa...
    Chris Yeo
    last modified by Chris Yeo
  • Alternate IP for DNS resolution for Qualys SSL Server Test

    Hello,   Is there a way to specify an alternate IP for DNS resolution of a website before the SSL Server Test is run?    For instance, our production website www.mywebsite.com is currently hosted behi...
    Nobody Special
    last modified by Nobody Special
  • CVE-2020-5357   Dell Dock Firmware Update Utilities Arbitrary File Overwrite Vulnerability

    CVE-2020-5357 Dell Dock Firmware Update Utilities Arbitrary File Overwrite Vulnerability Is there planned a detection of this vulnerabilty. We use the WD15 Device    DSA-2020-108: Dell Dock Firmware ...
    Hans-Juergen Kreutzer
    last modified by Hans-Juergen Kreutzer
  • Scheduling settings

    I apologize as to what may seem like a simple question but I simply can not remember and don't have an ability to test this out.    I have an unauthenticated scan that needs to scan say 1000 ip addresses a ...
    Kevin Ryan
    last modified by Kevin Ryan
  • Authentication on Unix machine doesn´t work after accessing the Thycotic Secret Server via https.

    Hey everybody,    we tried to get authentication for a Unix machine and store our secrets on a Thycotic Secret Server. First we accessed the Secret Server via http in our Network an everything was working f...
    Hendrik Bressler
    last modified by Hendrik Bressler
  • Does Qualys offers Requester & Approve approach 

    Hello, How I can create a user process in Qualys like Requester and Approval approach. Like one user "A" needs to create a scan and while initiating the scan the User "B" needs to approve to do the scanning. Is any a...
  • When will the Qualys agent support Red Hat 8?

    Red Hat 8 was recently released, so when will the Qualys agent support this new version?
    Katie Perry
    last modified by Katie Perry
  • TLS CBC Incorrect Padding Abuse Vulnerability

    CVE-2014-8730 and CVE-2015-3624 vulnerabilities have frequently appeared in Qualys recently. These vulnerabilities are related to TLS CBC Incorrect Padding Abuse in Netcaler, but I found that the result of Qualys...
    Mark Wang
    last modified by Mark Wang
  • APIs and TAG Groups

    Hello All,   Can somebody help regarding the following:     The plan is to do the following:   Step #1- Create an API call to create a TAG Group Step #2- Create an API call to add a list o...
    Elias Diab
    last modified by Elias Diab
  • Stale dates in the "Last Detected" column

    A regularly scheduled scan ran early this week (5/18).  The boxes in the scan have all been up and have not been patched, rebooted, or down.  What does "Last Detected" mean in this context?  These alleg...
    Chris Knox
    last modified by Chris Knox
  • Dashboards and Reporting Resources - Start Here

    Welcome to Dashboards and Reporting   Welcome to our Dashboards and Reporting space.  Here we will begin to collaboratively and constructively collect relevant legacy ...
    last modified by DMFezzaReed
  • Dashboard Toolbox - VM DASHBOARD: Mapping of VM Search List Criteria to VM Dashboard Tokens v2

    Over time, the most common question I hear on support calls is a request to convert batch reports to dashboards.  In the hopes of addressing this, please find an example use case and supporting images below ...
    last modified by DMFezzaReed