The page provides a fluid documentation resource for Dashboard Best Practices within the Qualys suite of products.
Functional Reality & Purpose
All dashboards are not created equal
The historical data content is not the same from one application dashboard to another - be sure to specify date/time in queries: lastVmScanDate, lastPcScanDate, lastCheckedIn, firstFound, lastFound
Comparing dashboarding and reporting data is not as cut and dry as you might think - be sure to understand the data, proper query formatting and proper search list use.
Dashboard and Reporting are two sides of the same coin – the coin being Data Visualization –
Side 1: interactive (dashboard), or,
Side 2: batch (reporting).
Dashboarding - It's all about the plan
|Tiered Reporting||C-Level, VP-Level, D-Level, Manager, Technical SME-Level|
|Lines of Business within your Organization||Corporate, Subsidiary, Divisional, Regional, Branch|
|Infrastructure/Network Segments||Internal/External/DMZ, OnPrem/Cloud, Production, Pre-Production, QA, Test, Development, Sandboxed|
|Technical/Remediation Team structure(s)||Hardware/Software/Out-of-Band (Mgmt XFace), Operating System, Application, Database, Network, Server, Client Endpoint, Wireless, Internal/External/DMZ, Web Apps, Appliance, Physical, Virtual, Domains, etc.|
Warning - At this time, Dashboard and Widget JSON files are not interchangeable between application dashboards, meaning AssetView json files may only be used in AssetView and Vulnerability Management json files may only be used in Vulnerability Management. If you import a widget by mistake from one app to another, please contact Qualys Support.
Dashboarding - Tips for Success
|Dashboards are interactive reports…so there's no need to change the approach between reporting and dashboarding schemas.|
|Align your Dashboard Queries with Client Security policies, standards and guidelines.|
|Engage Dashboard consumers frequently and assess how Dashboards can be best aligned with maintenance processes.|
|Dashboards always collect the most recent scan results; therefore, purging outdated host scan results data is critical.|
|Maintain consistent Widget structure to leverage the 90-day trending option.|
|Dashboard routine should coincide with scanning routine - if you scan weekly, report weekly. (NOW-7D)|
|Take advantage of Qualys API integrations (e.g. Splunk) for need-to-know dashboard management. (RBAC)|
Feature and Functionality FAQs New 02-28-2019
- We will have "ignored" in Elasticsearch (ES) in the new Vulnerability Management dashboards, but the flag is only set if the system is rescanned.
QIDs disabled in the Knowledge Base (KB) those don't flow into ES, as they get removed from the sync, and they never come back as being applied to the asset. If a QID is disabled, we don't look for it.
- The dashboard trend graphs are not meant to be an audit-ready method of tracking data over time. The data is too volatile for that, as it can easily be wiped with a widget change. It is designed to be a visual indicator that something changed, so a major change in the widget count can be noticed. It only provides context for the count, because, without it, you only have a current-state number.
Easily get helpful tips for finding topics of interest. You can use labels to find posts related to Dashboards, Qualys Query Language (QQL, how-tos and ideation.
Our Reporting Strategies and Best Practices self-paced training course gives you Qualys product expertise and tips on reporting and dashboarding.
Back to Dashboarding and Reporting