Dashboard Toolbox - VM DASHBOARD BETA: Microsoft 2019 Patch Tuesday (QID Based) VM Dashboard - New Format Version 3.0

Document created by DMFezzaReed

on May 17, 2019•Last modified by DMFezzaReed

on Dec 11, 2019

Version 24Show Document

Like • Show 4 Likes4
Comment • 7
View in full screen mode

Dashboard Toolbox - VM DASHBOARD BETA: Microsoft 2019 PContent Added Monthly - Check Back for Updatesatch Tuesday (QID Based) VM Dashboard - New Format Version 3.0

This page contains information to create a Microsoft 2019 Patch Tuesday VM Dashboard leveraging data in your Qualys Vulnerability Management subscription.

This dashboard is part of the New VM Dashboard Beta program is not intended for production use, and subject to modification without notice. If you have any questions regarding the content, please comment below or Contact Support - Technical Assistance Inquiry Form | Qualys, Inc.

The widgets in this dashboard are based on the following base query:

VULNERABILITY:

vulnerabilities.vulnerability:(qid:XXXXXX OR qid:XXXXXX OR qid:XXXXXXX)

Consider the possibilities for this dashboard. It could be updated to report by status (vulnerabilities.status: [NEW,ACTIVE,REOPENED,FIXED]), or patchable vs. configuration (vulnerabilities.vulnerability.patchAvailable: TRUE/FALSE). For examples of widgets using these tokens, please visit Dashboard Toolbox - Top 10 Vulnerabilities Scorecard BETA.

To create the query string I am now leveraging the monthly Security Alerts posts that include the QIDs associated with Microsoft and Adobe on Patch Tuesday. NOTE: This is a workaround until the development process catches up to customer feature requests. I suggest bookmarking this page for future reference.

Well that's a wrap for the Microsoft 2019 Patch Tuesday. I hope you found this dashboard of use. See you again around January 15, 2020 when we'll begin Microsoft 2020 Patch Tuesday! Have a wonderful, safe, happy, and healthy holiday season my friends.

CHANGELOG:

2019-12-11: Refreshed QLYS - Microsoft 2019 Patch Tuesday 2019 Dec VMdashboard and added 2019 Dec widgets

2019-11-13: Refreshed QLYS - Microsoft 2019 Patch Tuesday 2019 Nov VMdashboard and added 2019 Nov widgets.

2019-10-09: Refreshed QLYS - Microsoft 2019 Patch Tuesday 2019 Oct VMdashboard and added 2019 Oct widgets. Also attached herein three (3) Windows Authentication related JSON files should anyone would like to add them to their dashboard.

2019-Sep-12: Refreshed JSON for QLYS - Microsoft 2019 Patch Tuesday 2019 Sep VMdashboard and added 2019 Sep widgets.

2019-Aug-19: Changed query logic from CVE focused to QID focused leveraging Security Alerts for a concise list of QIDs for patch tuesdays.

2019-Aug-13: Refreshed QLYS - Microsoft 2019 Patch Tuesday 2019Aug VMdashboard and added 2019_Aug_-_93_CVEs,_1_ADVs_-_TOP_50_VMwidget.json

2019-Jul-19: Added all new QLYS - Microsoft 2019 Patch Tuesday Monthly Top 50 Widgets with filtering enabled and refreshed QLYS - Microsoft 2019 Patch Tuesday 2019July VMdashboard with my apologies for the delay.

2019-Jun-12: Added QLYS - Microsoft 2019 Patch Tuesday 201906 VMwidget.zip and refreshed QLYS - Microsoft 2019 Patch Tuesday VMdashboard.zip.

Demonstration Image(s)

QUERIES

JANUARY, 2019

vulnerabilities.vulnerability:(qid:`100351` OR qid:`110328` OR qid:`53020` OR qid:`91493` OR qid:`91494` OR qid:`91495` OR qid:`91496` OR qid:`91497` OR qid:`91498` OR qid:`13388` OR qid:`371400`)


FEBRUARY, 2019

vulnerabilities.vulnerability:(qid:`100359` OR qid:`100360` OR qid:`110330` OR qid:`371640` OR qid:`53021` OR qid:`91502` OR qid:`91503` OR qid:`91504` OR qid:`91505` OR qid:`371638` OR qid:`371645` OR qid:`371646` OR qid:`371647`)


MARCH, 2019

vulnerabilities.vulnerability:(qid:`100363` OR qid:`100364` OR qid:`110332` OR qid:`91509` OR qid:`91510` OR qid:`91511` OR qid:`91512` OR qid:`91513` OR qid:`91514` OR qid:`371690` OR qid:`371691`)


APRIL, 2019

vulnerabilities.vulnerability:(qid:`100365` OR qid:`100367` OR qid:`110333` OR qid:`50091` OR qid:`91520` OR qid:`91521` OR qid:`91522` OR qid:`91523` OR qid:`91524` OR qid:`91525` OR qid:`371729` OR qid:`371731` OR qid:`371732` OR qid:`371733` OR qid:`371734`)


MAY, 2019

vulnerabilities.vulnerability:(qid:`371777` OR qid:`371780` OR qid:`371781` OR qid:`110334` OR qid:`91530` OR qid:`91528` OR qid:`22004` OR qid:`91529` OR qid:`91533` OR qid:`91531` OR qid:`91527` OR qid:`91526` OR qid:`100371` OR qid:`100370` OR qid:`91532`)


JUNE, 2019

vulnerabilities.vulnerability:(qid:`100372` OR qid:`100373` OR qid:`110335` OR qid:`50093` OR qid:`91543` OR qid:`91544` OR qid:`91545` OR qid:`371835` OR qid:`371836`)


JULY, 2019

vulnerabilities.vulnerability:(qid:`100374` OR qid:`110336` OR qid:`20116` OR qid:`50094` OR qid:`91548` OR qid:`91549` OR qid:`91550` OR qid:`91551` OR qid:`91552` OR qid:`91553` OR qid:`371990`)


AUGUST, 2019

vulnerabilities.vulnerability:(qid:`100381` OR qid:`110337` OR qid:`91558` OR qid:`91559` OR qid:`91560` OR qid:`91561` OR qid:`91562` OR qid:`91563` OR qid:`372051` OR qid:`372052` OR qid:`372053`)


SEPTEMBER, 2019

vulnerabilities.vulnerability:(qid:`100386` OR qid:`100387` OR qid:`110338` OR qid:`50095` OR qid:`91568` OR qid:`91570` OR qid:`91571` OR qid:`91572` OR qid:`91573` OR qid:`91574` OR qid:`91575` OR qid:`372106`)


OCTOBER, 2019

vulnerabilities.vulnerability:(qid:`100389` OR qid:`110339` OR qid:`372148` OR qid:`91578` OR qid:`91579` OR qid:`91580` OR qid:`91581` OR qid:`91582`)


NOVEMBER, 2019

vulnerabilities.vulnerability:(qid:`91588` OR qid:`91587` OR qid:`91586` OR qid:`91585` OR qid:`50096` OR qid:`372209` OR qid:`372208` OR qid:`110340` OR qid:`100390`)


DECEMBER, 2019

vulnerabilities.vulnerability:(qid:`100398` OR qid:`110341` OR qid:`91589` OR qid:`91590` OR qid:`91591` OR qid:`91592` OR qid:`91593` OR qid:`13637` OR qid:`372283` OR qid:`372284` OR qid:`372285`)

If you're interested, you may also wish to add these three (3) additional widgets: ^New

Top 50 Windows Assets Pending Reboot
Top 50 Windows Auth Not Attempted
Top 50 Windows Auth Failed

Demonstration Image(s)

QUERIES ^New

Windows Pending Reboot:

 >>>>> vulnerabilities.vulnerability.qid:90126


Windows Authentication Not Attempted:

 >>>>> vulnerabilities.vulnerability.qid:105296


Windows Authentication Failed:

 >>>>> vulnerabilities.vulnerability.qid:105015

Attachments

Outcomes

7 Comments

Joseph Miller Sep 9, 2019 7:45 AM
Thanks for this. I have taken your work one step further and added a widget for each month to show vulnerability status. Active. New, ReOpened and Fixed.

2 people found this helpful
Like • Show 2 Likes2
Actions
- DMFezzaReed @ Joseph Miller on Sep 9, 2019 1:02 PM
  mill25joe - That's a great idea. Would you consider exporting your dashboard to json, zip it, and sent it to me (DMFezzaReed) so that I don't have to go back and create widgets for the past 8 months (since you've already done the work)? Then I will provide both widgets moving forward starting with this month.
  
  When you export your dashboard, remember to leave Expose Sensitive Information UNCHECKED:
  
  1 person found this helpful
  Like • Show 2 Likes2
  Actions
  - DMFezzaReed @ DMFezzaReed on Sep 10, 2019 5:55 PM
    Joe,
    
    Thanks for sharing your dashboard. I often struggle to recall why I do things…I am an effective multi-tasker, but my memory just isn’t what it used to be
    So I downloaded and then imported your dashboard, and, I remembered why I chose not to include the pie chart.
    The table widget supports Top 10, 25, and 50.
    The pie/doughnut widget supports Top 3, 5, and 10.
    Here's the rub: many Patch Tuesday’s include > 10 QIDs, so Top 10 isn’t always going to be enough, and I didn’t want the widgets (table to pie) to report different numbers and have our customers believing there’s a discrepancy.
    
    Make sense?
    
    So I would recommend a table grouped by Vulnerability Status:
    
    I am working on the new dashboard, Jan-Sep, 2019 with two tables per month. I will work to have it published, using query by QID (vs. CVE) and some time tomorrow.
    
    Thanks again for your willingness to share. Sharing is caring
    1 person found this helpful
    Like • Show 0 Likes0
    Actions
Joseph Miller Sep 11, 2019 7:49 AM
Debra,
The widget I create is not separating them by vulnerability. It is simply reporting on the total Fixed, Active, New and Reopened vulnerabilities for the entire group for vulnerabilities. So a limit of 5 is okay as we only have 4 possible values (Active, New, ReOpened, and Fixed). If you are ignoring a vul because it is not worth fixing (Risk Acceptance) then ignoring the Qid or Removing it from the query would accurately depict your numbers (FYI..l am nowhere near that level of maturity in my program but its a goal ). I do like your idea or a table the shows fixed for each vulnerability in the monthly release. That is a greater level of detail that I can share with the patchers. I will explore that. Thanks. Love the BrainStorming as it always get the creative juices flowing.

Joe
1 person found this helpful
Like • Show 1 Like1
Actions
- DMFezzaReed @ Joseph Miller on Sep 13, 2019 1:16 PM
  This month I added a Count widget, with trending that compares Open (New, Active, Reopened, Fixed) and All (New, Active, Reopened, Fixed) and a table to breaks out statuses by MS Patch Tuesday release month.
  
  Based on Qualys Guidance to configure a scan profile to perform a selective vulnerability scan, use the following options:
  Ensure access to TCP ports 135 and 139 are available.
  If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
  If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
  
  Do you see any value in adding summary (not monthly) widgets to demonstrate TOP 50 assets with TCP/135, TCP/139, UDP/137 ports as closed?
  Do you see any value in adding summary (again, not monthly widgets) to count QID 82044, and QID 105015?
  I could add them to the top or the bottom?
  
  I'm always interested in what my community followers think, so please share your thoughts about 1-3 above.
  
  I don't want to add information to the dashboard that the majority might view as "noise" or clutter. The goal is to add value.
  1 person found this helpful
  Like • Show 0 Likes0
  Actions
Rusty Qualyz Sep 16, 2019 7:03 AM
Debra,

I like the Dashboard, but had a question. For some of my widgets they show a REOPENED. Is there anything in Qualys that tells why it was re-opened? Just curious.
1 person found this helpful
Like • Show 2 Likes2
Actions
- DMFezzaReed @ Rusty Qualyz on Sep 16, 2019 2:03 PM
  Hi Rusty,
  
  A detection has a lifecycle.
  
  NEW = First Time Detected (ever), occurs once, and only once for a specific combination of IP, QID and Port.
  ACTIVE = Detected in 2 or more consecutive scans on a specific combination of IP, QID, and Port.
  This status is reported after NEW or REOPENED status is reported and will continue to report until FIXED is reported.
  FIXED = Not detected in the very last scan, on a specific combination of IP, QID and Port.
  This status can occur following NEW, ACTIVE or REOPENED and can be achieved multiple times over, hence the reason for Last Fixed Date.
  FIXED means the
  REOPENED = First time detected following a FIXED status result on a specific combination of IP, QID and Port.
  REOPENED will appear only ONCE after a previous scan returned a FIXED status, all subsequent detections will be marked ACTIVE until FIXED is reported.
  This status can occur more than once, hence the reason for Last Reopened Date.
  IMPORTANT: Vulnerability detections scans are a snapshot in time. If you see a QID "flapping" between ACTIVE > REOPENED > FIXED additional research into the detection and asset status is needed.
  
  NEW, ACTIVE, REOPENED = OPEN, unmitigated, potentially exploitable risk.
  FIXED = CLOSED, potentially exploitable risk was not detected in the very last scan occurrence.
  2 people found this helpful
  Like • Show 1 Like1
  Actions

Dashboard Toolbox - VM DASHBOARD BETA: Microsoft 2019 Patch Tuesday (QID Based) VM Dashboard - New Format Version 3.0

Dashboard Toolbox - VM DASHBOARD BETA: Microsoft 2019 PContent Added Monthly - Check Back for Updatesatch Tuesday (QID Based) VM Dashboard - New Format Version 3.0

QUERIES

QUERIES ^New

Related Qualys Blog Posts

IMPORTANT: Importing Dashboard and/or Widget JSON files - Enable historical data collection

Attachments

Outcomes

Related Content

Recommended Content

Incoming Links

Dashboard Toolbox - VM DASHBOARD BETA: Microsoft 2019 PContent Added Monthly - Check Back for Updatesatch Tuesday (QID Based) VM Dashboard - New Format Version 3.0

QUERIES

QUERIES New

Related Qualys Blog Posts

IMPORTANT: Importing Dashboard and/or Widget JSON files - Enable historical data collection

Attachments

Outcomes

QUERIES ^New