This how-to gives you a step-by-step recipe for configuring Qualys Vulnerability Management scans to collect as much information as possible about a target without running an actual vulnerability scan. This can be useful when trying to understand why your authenticated scan fails, or why fewer targets are being found than you expected.
We will create a Search List that only includes Information Gathered items and then create an Option Profile that uses the Search List we just created. We'll tweak the Option Profile to also include Authentication Records.
To run such a scan and analysis, a Manager, Unit Manager, or Scanner account is needed. Reader accounts will not be able to follow this recipe, as they are unable to work with Option Profiles and are not permitted to launch scans.
Create a Custom Search List and Option Profile
The Search List will help us define what we want the scan engine to do: only the vulnerabilities, or QIDs, named in the Search List will be included in the Scan, Report, or Remediation Policy that calls upon that Search List.
In Vulnerability Management, go to Reports > Search Lists > New > Dynamic List…:
Give your Search List a name; in this example we'll use "Only Information Gathered":
Then go to List Criteria, and select all the Information Gathered levels (1 to 5):
Save this list and then create a new Option Profile. Go to Scans > Option Profiles > New > Option Profile…:
We'll give the Option Profile the name "Only Information Gathered":
We'll leave all the default settings and only make two changes in the Scan section. Use the special Search List we just created and enable Authenticated Scans. First, set the Option Profile to allow only the signatures that we defined in the Search List "Only Information Gathered":
Scroll down to the Vulnerability Detection section and set the custom Search List:
Choose your custom created Search List and Save your choice:
Now scroll down to "Authentication" and enable Authenticated Scan:
In the above example we are only enabling Windows authentication records - this should be adjusted to enable/disable the types of authentication records that you would want the scanner to try to use in your perimeter.
Authenticated scans, especially ones where Vulnerabilities and Potential Vulnerabilities have been excluded, should not have any noticeable effects on the target being scanned.
Now scroll down to the bottom of the New Option Profile window and press Save to store this new Option Profile.
Run a Scan to Gather Information Only
Use the Option Profile you just created to run a scan against the targets of interest to you.
Go to Scans > Scans > New > Scan:
From there, define a new scan, giving it a suitable name ("Gather Information Only" in this case), and choose the "Only Information Gathered" Option Profile that we created previously. Then choose the target perimeter you need to scan, in this case the Asset Group "Test Targets". Hit the Launch button when ready, or configure a Schedule Scan instead (be mindful of the Option Profile and Scanner Appliance that you choose):