Vulnerability Scans for Information Gathering Only

Document created by Leif Kremkow on Feb 3, 2016Last modified by Robert Dell'Immagine on Feb 3, 2016
Version 3Show Document
  • View in full screen mode


This how-to gives you a step-by-step recipe for configuring Qualys Vulnerability Management scans in such a way as to collect as much information about a target, without running an actual vulnerability scan. This can be useful when trying to understand why your authenticated scan fails, or why not as many targets are being found as you expected.


We will create a Search List that only includes Information Gathered items and then create an Option Profile that uses the Search List we just created. We'll tweak the Option Profile to also include Authentication Records.



In order for you to run such a scan and analysis a Manager, Unit Manager, or Scanner account is needed. Reader accounts will not be able to follow this recipe as they are unable to work with Option Profiles and are not permitted to launch scans.


Create a Custom Search List and Option Profile

The Search List will help us define what we want the scan engine to do - only the vulnerabilities, or QIDs, named in the Search List will be included in the Scan, Report, or Remediation Policy that call upon that Search List.


In Vulnerability Management, go to Reports > Search Lists > New > Dynamic List…:

step 01.png


Give your Search List a name, in this example we'll use "Only Information Gathered":

step 02.png


Then go to List Criteria, and select all the Information Gathered levels (1 to 5):

step 03.png


Save this list and then create a new Option Profile. Go to Scans > Option Profiles > New > Option Profile…:

step 04.png


We'll give the Option Profile the name "Only Information Gathered':

step 05.png


We'll leave all the default settings and only make two changes in the Scan section. Use the special Search List we just created and enable Authenticated Scans. First, set the Option Profile to allow only the signatures that we defined in the Search List "Only Information Gathered":

step 06.png


Scroll down to the Vulnerability Detection section and set the custom Search List:

step 07.png


Choose your custom created Search List and Save your choice:

step 08.png


Now scroll down to "Authentication" and enable Authenticated Scan:

step 09.png


In the above example we are only enabling Windows authentication records - this should be adjusted to enable/disable the types of authentication records that you would want the scanner to try to use in your perimeter.


Authenticated scans, especially ones where Vulnerability and Potential Vulnerabilities have been excluded, should not have any noticeable effects on the target being scan.


Now scroll down to the bottom of the New Option Profile window and press Save to store this new Option Profile.


Run a Scan to Gather Information Only

Use the Option Profile you just created to run a scan against the targets of interest to you.


Go to Scans > Scans > New > Scan:

step 10.png


From there define a new scan, giving it a suitable name ("Gather Information Only" in this case), and choose the "Only Information Gathered" Option Profile that we created previously. Then choose the target perimeter you need to scan, in this case the Asset Group "Test Targets". Hit Launch button when ready, or configure a Schedule Scan instead (be mindful to as to the Option Profile and Scanner Appliance that you choose):

step 11.png