Dashboards and Reporting Resources - Start Here

Document created by DMFezzaReed Employee on Jun 20, 2018Last modified by Felix Jimenez on May 19, 2020
Version 192Show Document
  • View in full screen mode

Welcome to Dashboards and Reporting

 

Welcome to our Dashboards and Reporting space.  Here we will begin to collaboratively and constructively collect relevant legacy posts into a central location for ease of access, as well as adding a variety of new resources, to include but not limited to, reference documents, dashboard, and widget json files, demonstration dashboards, reporting search lists, reporting methodologies and techniques, dashboard and reporting training sessions and videos, etc...  So, let's get started!

 

Dashboard and Reporting are two sides of the same coin – the coin being Data Visualization – be that...

Side 1: interactive (dashboard), or,

Side 2: batch (reporting). 

Beginning April 2020: In preparation for GA release, Vulnerability Management Dashboards are being reviewed and improved to leverage current product functionality.  Please look for an Updated flag in the list of dashboards further down on this page.

Search Community Tags [Labels] to Find Relevant Documents and Posts

Did you know you could search the tags applied to the posts within the community? Did you know you could apply tags to your own posts too? 

 

Please try clicking on a tag in the table below to pull a list of relevant resources within our community.

 

Area of FocusTagBrief Description

Dashboard - General

(Not Application Specific)

dashboard_ideation

Ideation is the formation of ideas or concepts.  This tag is meant to track collaboration posts where we are sharing ideas and thoughts on how we might approach a use case or something along that line of thought.

dashboard_toolbox
Toolbox is a box or container for keeping tools in. In computing, a toolbox is a set of software tools or a set of programs or functions accessible from a single menu.
dashboard_howtoHow-to provides detailed and practical advice. This tag would be attached posts that offer "To accomplish A, do this..."
dashboard_features Features are distinctive attributes or aspects of something.  This is meant to track posts that discuss the features of our dashboard application interface.  
dashboard_query A Query is a question then interpreted into the information entered [by a user] to search a database for the answer.  Translating the human question, into a database query, requires the support of well-documented, well thought out security policies, standards, guidelines, and procedures.
dashboard_discrepancy Discrepancy is when there is a difference between two things that are believed should be alike.  Only through collaborative investigation, assessment, and understanding can a discrepancy be addressed.

dashboard_ux

UX is the core of human-computer interaction (HCI) technologies. Tell us what you like, don't like, or you think can be improved.

Dashboard - Application Specific: Vulnerability Mgmt.

vmdb_beta 

This label is meant to be applied when the content of the post includes information or resources specific to Vulnerability Management  Dashboard BETA

NOTE: This label has been replaced by dashboard_vm.

Vulnerability Management Dashboard BETA Closed with the Release of Portal 3.0

Cloud Platform (QWEB 10.0, Portal 3.0)

vmdb_bug

This label is meant to be applied when the content of the post includes information about a Vulnerability Management  Dashboard bug that has been confirmed by Qualys.

NOTE: This label will eventually be replaced by dashboard_vm in combination with bug
vmdb_bug_fixed 

This label is meant to be applied when the content of the post includes information about a Vulnerability Management  Dashboard bug that has been resolved by Qualys.

NOTE: This label will eventually be replaced by dashboard_vm in combination with bug_fixed

dashboard_vm

This label is meant to be applied when the content of the post includes information or resources specific to Vulnerability Management dashboards.  

NOTE: This label will eventually replace vmdb_betavmdb_bug, and vmdb_bug_fixed.

dashboard_json

vmdashboard_json

This label is meant to be applied when the content of the post has a dashboard or widget json file attached.

vmdb_patchtuesday_widget

This label is to make it easier to find the new monthly widget created for use in Dashboard Toolbox - VM DASHBOARD BETA: Microsoft 2019 Patch Tuesday VM Dashboard.

Dashboard - Application Specific: AssetView

dashboard_assetview

dashboard_av

This label is meant to be applied when the content of the post includes information or resources specific to AssetView dashboards.

NOTE: This label will eventually be replaced by dashboard_av

Dashboard - Application Specific: Asset Inventory

dashboard_ai

This label is meant to be applied when the content of the post includes information or resources specific to Asset Inventory dashboards.

Qualys Query Language (QQL)

qql_bug This label is meant to be applied when the content of the post includes information about a QQL bug that has been confirmed by Qualys.
qql_bug_fixed This label is meant to be applied when the content of the post includes information about a QQL bug that has been resolved by Qualys.

Reporting

(Not Application Specific)

reporting_ideationIdeation is the formation of ideas or concepts.  This tag is meant to track collaboration posts where we are sharing ideas and thoughts on how we might approach a use case or something along that line of thought.
reporting_toolboxToolbox is a box or container for keeping tools in. In computing, a toolbox is a set of software tools or a set of programs or functions accessible from a single menu.
reporting_howtoHow-to provides detailed and practical advice. This tag would be attached posts that offer "To accomplish A, do this..."
reporting_features Features are distinctive attributes or aspects of something.  This is meant to track posts that discuss the features of our dashboard application interface.  

reporting_discrepancy

Discrepancy is when there is a difference between two things that are believed should be alike.  Only through collaborative investigation, assessment, and understanding can a discrepancy be addressed.

More to come...check back soon and often!

Dec 7,2018: This page contains flags to indicate when content is New, Added, and Updated.  At the start of 2019, DMFezzaReed will remove the flags for Jan-Nov, 2018 to keep this page neat and tidy. Moving forward, I will maintain the flags for at least 30-days prior to the most current edit.  If you have any questions, please let me know.

Documentation, Training and Support Resources

FAQ Links

Dashboard Toolbox: Dashboarding Best Practices FAQ 

Reporting Toolbox: Reporting Best Practices FAQ 

 

Training Resources

Training and Certification | Qualys, Inc. 

Training Library: Reporting Strategies | Qualys, Inc. 

Training Library: AssetView and Threat Protection | Qualys, Inc. 

 

Help Links

Identify your Qualys Platform 

POD - 1 - Apply Tags to Organize Your Assets

POD - 2 - Apply Tags to Organize Your Assets

POD - 3 - Apply Tags to Organize Your Assets

 

Miscellaneous (but still valuable resources) Links

Qualys Platform Status 

Qualys Suite Release Notes 

Qualys Blog 

Qualys SSL Labs 

The Laws of Vulnerabilities

Security Labs

Qualys Technology 

Qualys News 

Contact Qualys Support - Technical Assistance Inquiry Form 

 

Dashboard JSON Resources

Dashboard Toolbox - How To - Importing Dashboard and Widget JSON files > Enable Historical Data Collection 

 

Vulnerability Management Dashboards

dashboard_vm vmdb_beta vmdashboard_json

The list below highlights is a sampling of some popular AssetView dashboards.  This is by no means a complete list of Vulnerability Management dashboard resources, which is why I have provided a link to the label to help you find more...  Dashboard Toolbox - How To - Import a Dashboard json 

 

Vulnerability Management Dashboard BETA Closed with the Release of Portal 3.0

Cloud Platform (QWEB 10.0, Portal 3.0)

-----

Dashboard Toolbox - VM DASHBOARD: How To Enable the BETA Dashboard within the Qualys UI 

Dashboard Toolbox - VM DASHBOARD: Scorecard Dashboard v2  Updated Apr 01, 2020

Dashboard Toolbox - VM DASHBOARD: Total Unremediated (OPEN) Scorecard v2   Updated Apr 02, 2020

Dashboard Toolbox - VM DASHBOARD: QLYS - TTL Closed (FIXED or IGNORED) Scorecard v2  Updated Apr 03,2020

Dashboard Toolbox - VM DASHBOARD: Top 10 Vulnerabilities Scorecard v2  Updated Apr 02, 2020

Dashboard Toolbox - VM DASHBOARD: Top 10 Assets Scorecard v2 Updated Apr 08, 2020

Dashboard Toolbox - VM DASHBOARD: Target Assessment Dashboard v2  Updated Apr 21, 2020

Dashboard Toolbox - VM DASHBOARD: Health Host Scan Time Management (v1.1)  

Dashboard Toolbox - VM DASHBOARD: [RTI] Real-Time Threat Indicator Dashboard v2  Updated Apr 29, 2020

Dashboard Toolbox - VM DASHBOARD: Severity 1 thru 5  & Threat Protection (RTI) 

Dashboard Toolbox - VM DASHBOARD: Top 5 Vendor Open Vulns Sev3-5 Assessment Dashboard v2  Updated Apr 29, 2020

QID Tracking Dashboard: .NET Framework Service Packs - All of a Sudden

Adobe Product Dashboard: Qualys API - List Assets by Vulnerability Title

Dashboard Toolbox - VM DASHBOARD: PCI Compliance Vulnerability Exposure Dashboard 

Dashboard Toolbox - VM DASHBOARD BETA: [Tags.Name] Confirmed Sev 3- 5 Excl NRK 90D 

Dashboard Toolbox - VM DASHBOARD BETA: Windows 7 Confirmed/Potential Sev 3-5 90D Assessment  

Dashboard Toolbox - VM DASHBOARD BETA: Cisco Vendor Only Confirmed/Potential Sev 3-5 90D Assessment 

Dashboards and Reporting: Apache Struts RCE Vulnerabilities: CVE-2017-5638 and CVE-2018-11776 

Dashboard Toolbox - VM DASHBOARD BETA: Microsoft 2018 Patch Tuesday (QID Based) VM Dashboard 

Dashboard Toolbox - VM DASHBOARD: 2019 Patch Tuesday (QID Based) VM Dashboard - New Format Version 3.0  

Dashboard Toolbox - Query for URGENT/11 

Dashboard Toolbox - VM DASHBOARD: QID 91563 (SevenMonkeys) 

Dashboard Toolbox - VM DASHBOARD: QID:91534 - CVE-2019-0708 - (BlueKeep) 

Dashboard Toolbox - VM DASHBOARD: FEDRAMP - Vulnerability Mitigation by SLA   

Dashboard Toolbox - VM DASHBOARD: QID 316494 - CISCO IOS XE Software Authentication Bypass Widget 

Dashboard Toolbox - VM DASHBOARD: 2019 September Microsoft Out of Band (OOB) Security Updates  

Dashboard Toolbox - VM DASHBOARD: PHP RCE Vulnerability (CVE-2019-11043)  

Dashboard Toolbox - VM DASHBOARD: Trust but Verify  

Dashboard Toolbox - VM DASHBOARD: OpenBSD Authentication Bypass Vulnerability 

Dashboard Toolbox - VM DASHBOARD: OpenBSD Vulnerabilities   

Dashboard Toolbox - VM DASHBOARD: OpenBSD Local Privilege Escalation Vulnerability 

Dashboard Toolbox - VM DASHBOARD: TOP 19 CVEs - 2019yr 

Dashboard Toolbox - VM DASHBOARD: A Decade of Microsoft Patch Tuesday QIDs (2010-2019) 

Dashboard Toolbox - VM DASHBOARD: QID 372305: Citrix ADC And Citrix Gateway Arbitrary Code Execution Vulnerability(CTX267027)  

Dashboard Toolbox - VM DASHBOARD: QID 372325 - Critical Mozilla Firefox Vulnerability (mfsa2020-03)     

Dashboard Toolbox - VM DASHBOARD: 2020 Patch Tuesday (QID Based) VM Dashboard v2  Updated May 14, 2020

Dashboard Toolbox - VM DASHBOARD: Microsoft CryptoAPI Spoofing (CVE-2020-0601) v2

Dashboard Toolbox - VM DASHBOARD: ESU & EOL View Win-7 / Win SRV 2K8-R2

Dashboard Toolbox - VM DASHBOARD: GHOSTCAT | QID: 87413 Apache Tomcat AJP File Inclusion Vulnerability | CVE-2020-1938  New March 3, 2020

Dashboard Toolbox - VM DASHBOARD: Microsoft RCE SMBv3 Advisory-CVE-2020-0796  New March 12, 2020

Dashboard Toolbox - VM DASHBOARD: QID: 91617 | Microsoft Windows Adobe Type Manager Library Remote Code Execution Vulnerability (ADV200006) (Zero Day)  New March 25, 2020

Dashboard Toolbox - VM DASHBOARD: QID: 372477 | Zoom Client Multiple Vulnerabilities New April 06, 2020

Dashboard Toolbox - VM DASHBOARD: Top 10 Routinely Exploited Vulnerabilities | Alert (AA20-133A)  New May 15, 2020

 

 

AssetView Dashboards

dashboard_av  avdashboard_json dashboard_assetview

The list below highlights are samplings of some popular AssetView dashboards.  This is by no means a complete list of AssetView dashboard resources, which is why I have provided a link to the label to help you find more...  

Dashboard Toolbox - Asset View: How To - Import a Dashboard json 

Dashboard Toolbox - AssetView: EOL AssetView Widget

Dashboard Toolbox - AssetView: EOL AssetView Widget 

Dashboard Toolbox - AssetView: EOL/Obsolete Software & RTI MGMT (v1.0) 

Dashboard Toolbox - AssetView: Performance Management (v1.1) 

Dashboard Toolbox - AssetView: Scanning Activity Management (v1.0) 

Dashboard Toolbox - AssetView: Open Ports Management & RTI (v1.0) 

Dashboard Toolbox - AssetView: Host Scan Time Management (v1.1) 

Dashboard Toolbox - AssetView: Windows Authentication Management (v1.4) 

Dashboard Toolbox - AssetView: Cloud Agent Management Enterprise View v1.3 

Dashboard Toolbox - AssetView: SSL/TLS MGMT Dashboard (v1.0) 

AssetView Dashboards Continued - SLAs and Management Information

Dashboard Toolbox - AssetView: QID 91534 - CVE-2019-0708 (BlueKeep) 

Dashboard Toolbox - AssetView: QID 91563 (SevenMonkeys) 

Dashboard Toolbox - AssetView: Cloud Agent Management Enterprise View v1.3 

 


Recommended Community Documents and Customer Posts

The table below highlights community documents and customer posts that address some of the most common dashboards and reporting questions received from our community members.

IMPORTANT: This is by no means a complete list of documents or posted resources, this is why I chose to post "Search Community Tags [Labels] to Find Relevant Posts" at the top.

 

PS. You won't have to scroll back to the top of this page to find the tags as they are provided in the header row of the table below. 

 

Dashboarding

dashboard_features dashboard_howto dashboard_ideation 

dashboard_toolbox dashboard_assetview dashboard_query 

dashboard_json vmdb_patchtuesday_widget vmdb_beta vmdashboard_json dashboard_av avdashboard_json dashboard_ai 

Reporting

reporting_features reporting_howto 

reporting_ideation reporting_toolbox

Discrepancy Management

discrepancy_mgmt 

reporting_discrepancy

 Dashboard Toolbox: Dashboarding Best Practices FAQ 

Reporting Toolbox: Reporting Best Practices FAQ 

Dashboard Toolbox: Dashboarding Best Practices FAQ 

Reporting Toolbox: Reporting Best Practices FAQ 

Dashboard Toolbox - New Vulnerability Management (VM) Dashboard BETA [CLOSED]  

 REPORTING TOOLBOX: New Self-Paced Class: Reporting Strategies and Best PracticesSuch Wild Differences From Asset Search and AssetView

Dashboard Toolbox - VM DASHBOARD BETA: Issue Reporting [CLOSED] 

Reporting Toolbox - Trust, but Verify: Focused Search Lists v1.5  Asset Discrepancy 
Dashboard Toolbox - VM DASHBOARD BETA - Bug: DiscrepanciesCVE Report Purging: What, why, when, how, what happens to the data? 

Dashboard Toolbox - Improving Dashboard Performance through Query Formatting

Leveraging CVEs for Reporting and Analysis Understanding Entity IDs in VM 
Dashboard Toolbox - VM DASHBOARD BETA - Bug: vulnerabilities.status token options [FIXED]Creating a Spectre/Meltdown Search Lists, Scan Option Profile, Remediation Tracking, and Patch Reports What's the API to list all Asset ID's 
Dashboard Toolbox - VM DASHBOARD BETA - Bug: Vulnerability Detail Content InaccuraciesReporting Toolbox - Best Practice: Always Report on EOL Product QIDs Dashboard Toolbox - VM DASHBOARD BETA - Discrepancy: Vulnerability Query Formatting and Use of the NOT clause 

Looking for syntax, variable, and object Guide for Qualys queries 

How Do I Export Comments from Remediation Tickets?  
Dashboard Toolbox - VM DASHBOARD BETA - Bug: vulnerabilities.vulnerability.exploitability token [OPEN]How do I generate a report of vulnerabilities fixed in a specific period of time? 
Dashboard Toolbox - VM DASHBOARD BETA - FYI: vulnerabilities.vulnerability.published token [OPEN]Asset Tags: Are You Getting The Best Value? 
Dashboard Toolbox - AssetView: EOL AssetView Widget Reporting Toolbox: Known Issue with Scorecard Most Vulnerable Hosts Top X Reports
Dashboard - Vulnerabilities by asset group 

Qualys Severity Score vs CVSS Scoring  

 

Dashboard Toolbox - VM DASHBOARD: Mapping of VM Search List Criteria to VM Dashboard Tokens v2  Updated Mar 31, 2020

Exploitable unauthenticated vulnerabilities 

Dashboard Toolbox - VM DASHBOARD BETA: How to Create a Query to Track Microsoft Windows Security Update Monthly Patch Release Risk 

Create Dynamic Tag finding specific AWS tagged instances using API 

Dashboard Toolbox - NEW IG QIDs for Microsoft OS...Enrich Your Queries 

Emailing Reports 

Dashboard Toolbox - VM DASHBOARD BETA - Bug: vulnerabilities.vulnerability.exploitability token [CLOSED]  

Best Practice Subscription Maintenance: Opt-In Vulnerability Management Asset Housekeeping Subscription Support Options 

DASHBOARD TOOLBOX - Token Removal: vulnerabilities.vulnerability.exploitability - Details Within  

Reporting Toolbox: Creating Dynamic Search Lists via APIv2 

Cloud Agent Last Checked In vs Last Activity Behavior - Feb 2019 

Best Practice for Executive Reporting 

Dashboard Toolbox - Token Use Cases 

Threat Protection Module 

Understanding "Last Scanned" date and "Vulnerabilities" Fields | Container Security 

Simple Report "Host Not Alive"? 

In Beta VM Dashboard - Any way to export data yet? 

Is there a (Report Template) option to include vulnerability AGE?  

Dashboard Toolbox - How To - Importing Dashboard and Widget JSON files > Enable Historical Data Collection 

Reporting Toolbox: Schema for Qualys Enterprise Reporting 

Ignore or disable vulnerability 

Downloading Reports by Name via Python 

Cloud Agent Last Checked In vs Last Activity Behavior - Feb 2019 

Getting the list of IPs that were never scanned in Vulnerability Management 

Assets that have not checked in New Apr 21, 2020

Vulnerabilities fixed within a time period  

Reporting Toolbox - Policy Compliance: Age of Pass/Fail Detection (View History of Control Status Changes)

Cloud Agent Last Checked In vs Last Activity Behavior - Feb 2019 

 

Important Related Blog Post

 

https://blog.qualys.com/technology/2020/04/01/qualys-cloud-platform-10-0-new-features New Apr 1, 2020

 

Excerpt Image:

 

 

This is a Qualys curated page.  

 

Please feel free to comment and make suggestions for content below.  DMFezzaReed will review and acknowledge both a minimum of once each week.

 

 

 

 

5 people found this helpful

Attachments

    Outcomes