Qualys is great for identifying vulnerabilities and creating lists of them, as well as subdividing them into different groups using tags, sub-dashboards, etc.
But how well does it do for reporting on the fixing of these vulnerabilities?
Many of us are great at creating different views/dashboards/reports on the plethora of threats and vulnerabilities out to get us, but how many of us are good at reporting what we HAVE fixed in the past?
This is not a specific question, but an open request for ideas for me and others on how to measure in Qualys how our guys who patch are doing. For instance, I don't patch systems, but I handle Qualys and other systems.
So I have a number of questions (some are very open-ended for you so that others can get something out of this thread):
- How do you get something out of Qualys that is geared towards something akin to a KPI? Recording data from the scans on how the patching is going?
- Anyone have any good dashboards they are willing to share with this community on the other side of vulnerability reporting, the fixing (or fixed) part of it?
Again, this is an open-ended one that I think would benefit the group greatly. I have benefited significantly from threads like this over the single year I have been here, and this is one particular arena that I have not seen brought up very well so far. So here we go.