Dashboard Toolbox - VM DASHBOARD: 2020 Patch Tuesday (QID Based) VM Dashboard v2

Document created by DMFezzaReed Employee on Dec 11, 2019Last modified by DMFezzaReed Employee on May 14, 2020
Version 15Show Document
  • View in full screen mode

Content Added Monthly - Check Back for Updates

 

This page contains information to create a Microsoft 2020 Patch Tuesday VM Dashboard leveraging data in your Qualys Vulnerability Management subscription. 

 

IMPORTANT

 

In a recent meeting it was brought to my attention that folks have been importing the entire dashboard with each monthly update which causes the loss of the the 90-day trend for the previous month. 

 

I have designed the content of this site to support new dashboard users as well as long-term users.

  • If you are a new dashboard user, you will want to download the QLYS_-_2020_Patch_Tuesday_QIDs_MTH_VMdashboard.json
  • If you have already imported the base dashboard, and you want to preserve the trend data for the previous month(s) widgets, you will want to download the new monthly widgets to update your dashboard:
    • MTH_2020_-_XX_QIDS,_XX_CVEs_-_Top_50_VMwidget.json
    • 2020_MTH_Open_Count_VMwidget.json
    • 2020_MTH_Status_VMwidget.json

 

 

April 2020: In preparation for GA release, this dashboard has been reviewed and improved to leverage current product functionality.

 

Vulnerability Management Dashboard BETA Closed with the Release of Portal 3.0

Cloud Platform (QWEB 10.0, Portal 3.0)

 

The widgets in this dashboard are based on the following base query:

 

VULNERABILITY: 

vulnerabilities.vulnerability:(qid:XXXXXX OR qid:XXXXXX OR qid:XXXXXXX)

 

Consider the possibilities for this dashboard.  It could be updated to report by status (vulnerabilities.status: [NEW,ACTIVE,REOPENED,FIXED]), or patchable vs. configuration (vulnerabilities.vulnerability.patchAvailable: TRUE/FALSE).  For examples of widgets using these tokens, please visit Dashboard Toolbox - Top 10 Vulnerabilities Scorecard BETA.

 

To create the query string I am now leveraging the monthly Security Alerts posts that include the QIDs associated with Microsoft and Adobe on Patch Tuesday. NOTE: This is a workaround until the development process catches up to customer feature requests.  I suggest bookmarking this page for future reference.

 

CHANGELOG:

 

DMFezzaReed 2020-05-14: Added Updated 2020 Dashboard and May 2020 json files.  No changes have been made to the two additional zip files containing a windows related widgets our customers may wish to include in their version of the dashboard. PS. I apologize for the delay this month.  I must have lost my head

DMFezzaReed 2020-04-15: Added Updated 2020 Dashboard and April 2020 json files.  No changes have been made to the two additional zip files containing a windows related widgets our customers may wish to include in their version of the dashboard.

DMFezzaReed 2020-03-11: Updated dashboard sample image and comments.

DMFezzaReed 2020-03-11: Added Updated 2020 Dashboard and March 2020 json files.  No changes have been made to the two additional zip files containing a windows related widgets our customers may wish to include in their version of the dashboard.

DMFezzaReed 2020-02-19: Reattached Top_50_Windows_Assets_Pending_Reboot_VMwidget.zip and WindowsAuthWidgetBundle.zip files to this post.  I must have deleted them while performing the 02/12 updates, my apologies.

DMFezzaReed 2020-02-12: Added Updated 2020 Dashboard and February 2020 json files.  No changes have been made to the two additional zip files containing a windows related widgets our customers may wish to include in their version of the dashboard.

DMFezzaReed 2020-02-05: Refreshed JSON attachments to correct a typo.

DMFezzaReed 2020-01-15: Added New 2020 Dashboard and January 2020 json files.  Attached two additional zip files containing a windows related widgets our customers may wish to include in their version of the dashboard.

 

     

-----

MONTHLY WIDGET BASE QUERIES Updated May 14, 2020

JANUARY, 2020

vulnerabilities.vulnerability:(qid:`100399` OR qid:`110343` OR qid:`91595` OR qid:`91596` OR qid:`91597` OR qid:`91598` OR qid:`91599` OR qid:`91600` OR qid:`372331`)


FEBRUARY, 2020

vulnerabilities.vulnerability:(qid:`50098` OR qid:`91602` OR qid:`91603` OR qid:`91604` OR qid:`91605` OR qid:`91606` OR qid:`100401` OR qid:`110344` OR qid:`372371` OR qid:`372380` OR qid:`372381` OR qid:`372383`)


MARCH, 2020

vulnerabilities.vulnerability:(qid:`50099` OR qid:`91607` OR qid:`91609` OR qid:`91610` OR qid:`91611` OR qid:`91613` OR qid:`91614` OR qid:`100402` OR qid:`110345` OR qid:`110346`)


APRIL, 2020

vulnerabilities.vulnerability:(qid:`100403` OR qid:`110347` OR qid:`110348` OR qid:`372502` OR qid:`372503` OR qid:`372504` OR qid:`372505` OR qid:`372506` OR qid:`372507` OR qid:`91618` OR qid:`91620` OR qid:`91622` OR qid:`91624` OR qid:`91625`)


MAY, 2020

vulnerabilities.vulnerability:(qid:`91632` OR qid:`91633` OR qid:`91634` OR qid:`91635` OR qid:`91636` OR qid:`91637` OR qid:`91638` OR qid:`91639` OR qid:`91640` OR qid:`100405` OR qid:`110349` OR qid:`110350` OR qid:`372564`)


JUNE, 2020

vulnerabilities.vulnerability:(qid:


JULY, 2020

vulnerabilities.vulnerability:(qid:


AUGUST, 2020

vulnerabilities.vulnerability:(qid:


SEPTEMBER, 2020

vulnerabilities.vulnerability:(qid:


OCTOBER, 2020

vulnerabilities.vulnerability:(qid:


NOVEMBER, 2020

vulnerabilities.vulnerability:(qid:


DECEMBER, 2020

vulnerabilities.vulnerability:(qid:

 

SUGGESTED ADDITIONAL WIDGETS 

Attached Files:

  • Top_50_Windows_Assets_Pending_Reboot_VMwidget.zip
  • WindowsAuthWidgetBundle.zip

 

 

Demonstration Image(s) 

 

 

IMPORTANT: Importing Dashboard and/or Widget JSON files - Enable historical data collection

 

When you export dashboard(s) and/or widget(s) that have "Enable historical data collection" turned on, and then import them later, you will have to manually "Enable historical data collection" following your import.  This is by design.  The action of turning on this feature starts the clock for data retention.

 

Demonstration Image(s) 

 

If you have any questions, please post them below, contact your TAM, or Contact Support - Technical Assistance Inquiry Form | Qualys, Inc..

 

Related Qualys Blog Posts Updated May 14, 2020

  1. QLYS BLOG: January 2020 Patch Tuesday – 50 Vulns, 8 Critical, Adobe Vulns  
  2. QLYS BLOG: February 2020 Patch Tuesday – 99 Vulns, 12 Critical, Patch for IE 0-Day, Exchange Vuln, Adobe Vulns 
  3. QLYS BLOG: March 2020 Patch Tuesday – 115 Vulns, 26 Critical, Microsoft Word and Workstation Patches 
  4. QLYS BLOG: April 2020 Patch Tuesday – 113 Vulns, 19 Critical, Zero-Day Patches, SharePoint, Adobe ColdFusion 
  5. QLYS Blog: May 2020 Patch Tuesday – 111 Vulns, 16 Critical, SharePoint, VS Code, Adobe Patches

 

 

 

Back to Dashboards and Reporting Resources - Start Here 

Back to Dashboard Toolbox - New Vulnerability Management (VM) Dashboard BETA [CLOSED] 

1 person found this helpful

Outcomes