How to launch your first vulnerability scan

Document created by Qualys Documentation Employee on Oct 22, 2012Last modified by Qualys Documentation Employee on Feb 29, 2016
Version 19Show Document
  • View in full screen mode

It's easy to launch a vulnerability scan, and there's just a few simple steps. Your scan results will show you the vulnerabilities discovered in your network.


Step 1: Add IP Addresses to Scan

Go to Assets > Host Assets to see the IP addresses available to you. If the IPs you want to scan are not listed then you have to add them (or have your manager add them and assign them to you).



Do I need to whitelist the Qualys scanners in order to scan my IPs?

You might need to whitelist the Qualys scanner servers hosted at the Qualys Cloud Platform associated with your account. The scanners must be able to access the IPs you want to scan, so we recommend you check network access before you start scanning. You can find information about the scanner servers for your platform by going to Help > About. You'll see the servers for external scanners and scanner appliances (if you have one configured).


Tell me about enabling authentication to my IPs

Authenticated scanning is an important feature because many vulnerabilities require authenticated scanning for detection. To perform authenticated scanning, you must 1) set up authentication records with login credentials for your target IPs (go to Scans > Authentication), and 2) enable authentication in the scan option profile you want to use.


Step 2: Scanner Appliances

Scanner appliances are used to perform internal scanning. If you want to use scanner appliances you have a few options. 1) You can get a hardware appliance shipped to you. 2) Qualys also provides a virtual appliance with multiple distributions: VMware Player, Workstation, Fusion and ESXi, VMware vSphere, Oracle VirtualBox, and Amazon EC2/VPC. If you're interested in either option contact your account manager or Qualys Support. Once you've installed an appliance you can choose the appliance at scan time from the Scanner Appliance menu.


Step 3: Scan Option Profiles

You’ll need an option profile at scan time. The option profile defines the scan settings you want to use. Several profiles are provided to get you started. You can use these profiles as-is or fine tune the scan settings and then save them for future use. Go to Scans > Option Profiles to see the profiles available to you. Create a new profile from the New menu or edit a profile in the list.



Step 4: Start Your Scan

You’re now ready to start your first vulnerability scan! Go to Scans > Scans and choose New > Scan.



Provide a title, select an option profile and select target hosts to scan. For your first scan, it’s recommended you limit the scan to a small number of IP addresses. The service will perform external scanning unless you have appliances in your account and choose one. When you’re ready, click Launch.



Is it possible to exclude hosts from the scan?

Yes. Simply enter the IP addresses you want to exclude into the Exclude IPs/Ranges field. Optionally, go to Scans > Setup > Excluded Hosts to create a list of IPs that you want to exclude from all scans launched by all users.


What are asset tags?

Asset tagging is a method for organizing and tracking the assets in your accounts. You can assign tags to your host assets. Then when launching scans you can select tags associated with the hosts you want to scan. There are multiple ways to create tags, for example you can create tags from asset search (go to Assets > Asset Search) or by using the Asset Management application.



Step 5: View Scan Status and Results

The scan status window appears as soon as your scan starts. The status is updated every 60 seconds until all targeted hosts have been analyzed. You can safely close this window and let the scan run in the background. You can return to the scan status window from the scans list at any time to get the latest information about your scan.



When the scan is finished check out the Scanners section. You can expand details to see which scanners were used to scan the hosts. Click the View Results button to see the full scan results. (Note that the Scanners section is only visible in accounts with New Scanner Services enabled.)


2 people found this helpful