What happened to "Complete" detection scope?

Document created by Dave Ferguson Employee on Apr 26, 2018
Version 1Show Document
  • View in full screen mode

Since the beginning of time in Qualys WAS, the default detection scope has been Complete.  All vulnerability detections (QIDs) were included in the scan by default.  This is what it looked like in the option profile:



The default detection scope has changed to Core:



It's just a name change at this point.  All WAS QIDs that existed before have been moved into the core detection set.  You can see the QIDs in the core set by clicking the link.  All informational QIDs are included in the core set as well.


Why was this change made?  It is to lessen the impact on scan times going forward and to allow more flexibility when new vulnerability detections are released.  In the past when a new WAS QID was introduced, it was automatically included in all vulnerability scans that used the default detection scope.  This was true regardless of how uncommon the vulnerability was or how time consuming the detection logic was.  Most customers tend to use the default detection scope so the result was ever-increasing scan times.  While better detection capability is good, there is a trade off in terms of scan time.


From now on, new WAS QIDs may or may not be included the core detection scope.  It will depend on the nature of the vulnerability and the detection logic.  If it is an uncommon or obscure issue or a time-consuming vulnerability to test for, it probably won't be put into the core detection scope.


Don't forget you can always run scans with complete detection scope if desired.  The capability is still there.  Simply create a dynamic search list and mark all the checkboxes under Confirmed Severity, Potential Severity, and Information Severity.  Then in your WAS option profile, select "Custom Search Lists" for Detection Scope and add that dynamic search list.

5 people found this helpful