Reporting Toolbox: Reporting Best Practices FAQ

Document created by DMFezzaReed (Employee) on Dec 7, 2018. Last modified by DMFezzaReed (Employee) on Jan 27, 2020.
Version 10

This page is an evolving documentation resource for Reporting Best Practices within the Qualys suite of products.


Functional Reality & Purpose

Some considerations...

  • Qualys UI Reporting is intended to generate human-readable reports, not to export every vulnerability from a subscription.
  • Qualys UI Reporting is not designed for large-scale data exports. Qualys provides APIs for large data exports, e.g., exporting every vulnerability from a subscription. To learn more, view the latest API documentation.


Useful, human-readable reports (easy to read, understand, and prioritize) are created by using Host Based report templates configured with:

  • targeted asset groups and/or tags (avoid the All group), and
  • focused search lists and/or queries


Dashboards and Reporting are two sides of the same coin, the coin being Data Visualization:

  • Side 1: interactive (dashboard)
  • Side 2: batch (reporting)


Reporting - It's all about the plan


  • Tiered Reporting: C-Level, VP-Level, D-Level, Manager, Technical SME-Level
  • Lines of Business within your Organization: Corporate, Subsidiary, Divisional, Regional, Branch
  • Infrastructure/Network Segments: Internal/External/DMZ, OnPrem/Cloud, Production, Pre-Production, QA, Test, Development, Sandboxed
  • Technical/Remediation Team structure(s): Hardware/Software/Out-of-Band (Mgmt XFace), Operating System, Application, Database, Network, Server, Client Endpoint, Wireless, Internal/External/DMZ, Web Apps, Appliance, Physical, Virtual, Domains, etc.


Reporting - Tips for Success


  • Align your reporting search lists with Client Security policies, standards and guidelines.
  • Your reporting routine should coincide with your scanning routine: if you scan weekly, report weekly.
  • Maintain a consistent reporting structure over time for improved trending results.
  • Reports always collect the most recent scan results; therefore, purging outdated (obsolete) host scan results data is critical.
  • Engage report consumers frequently and assess how reports can be best aligned with maintenance processes.
  • Focused Host-Based reports are much more efficient than Scan Based reports.
  • Use Our New Dashboards! Click here to learn Dashboarding Best Practices.
  • Dashboards are interactive reports, so there's no need to change the approach between reporting and dashboarding schemas.
  • Consider leveraging the Qualys API to create a hybrid report archival program.
  • Take advantage of Qualys API integrations (e.g., Splunk).


Common Reporting Questions


What is the maximum number of Assets I can generate a report on?

There's no hard limit on the maximum number of assets that can be reported on. Report generation is affected primarily by the number of assets and the number of detections associated with those assets. For example, a report on <N> assets may generate successfully if the scope of detections is limited to only severity 5 vulnerabilities, but a report with the same asset scope may fail if all vulnerabilities are requested.


What are the factors that may lead to Report generation failure?

The 2 key factors that impact the success rate for report generation are:
1) the amount of data the Qualys Cloud Platform has to process, and
2) the amount of data that has to be published in the output file


Let's consider this report example:
Say you'd like to create a Report including a Trending Graph. The graph does not increase the size of the output file by much, but the amount of transitional data the Qualys platform has to process for each detection on each asset to build that Trending Graph increases many-fold. Further, if detections have a long history with a high volume of transitions, the Qualys platform has to process a lot more data for the same number of detections. This could severely impact the success rate for report generation.


Suggestion: Reduce the trending period and/or apply vulnerability filtering and/or apply asset filtering. All these actions will reduce the data the Qualys platform has to process and increase the success rate.



Reporting Resources


Reporting on Qualys Community

Easily get helpful tips for finding topics of interest. You can use labels to find posts related to Dashboards, Qualys Query Language (QQL), how-tos and ideation.


Sign up for our Self Paced Training

Our Reporting Strategies and Best Practices self-paced training course gives you Qualys product expertise and tips on reporting and dashboarding.


Reporting Toolbox: Schema for Qualys Enterprise Reporting 

Aligning Corporate Security Policies and Standards with Selective Data Collection and Multi-Level, Multi-Focus Reporting


Reporting Toolbox - Trust, but Verify: Focused Search Lists v1.5 

This page contains a number of reporting search lists that, when added to a routine reporting cycle, will help to support a successful Vulnerability Management program. Adding these focused search lists to your routine reporting cycle (daily, weekly, monthly, quarterly, etc.) will make it possible to track, and quickly spot check, relevant indicators in your environment.



Reporting Tag Search



(Not Application Specific)

  • reporting_ideation: Ideation is the formation of ideas or concepts. This tag is meant to track collaboration posts where we are sharing ideas and thoughts on how we might approach a use case or something along that line of thought.
  • reporting_toolbox: A Toolbox is a box or container for keeping tools in. In computing, a toolbox is a set of software tools or a set of programs or functions accessible from a single menu.
  • reporting_howto: How-to provides detailed and practical advice. This tag would be attached to posts that offer "To accomplish A, do this..."
  • reporting_features: Features are distinctive attributes or aspects of something. This is meant to track posts that discuss the features of our dashboard application interface.


A discrepancy is when there is a difference between two things that are believed should be alike.  Only through collaborative investigation, assessment, and understanding can a discrepancy be addressed.



