Does anyone know how to add an OS type when creating a dynamic search list?
I'm trying to make a crossed search to find hosts with specific operating systems and that are vulnerable to QID xyz.
Whoops, I apologize for assuming this was outside of the remediation module within Qualys.
I haven't used the remediation module very much but would this still work if you did what I mentioned before about the asset groups, and then added a new rule within the remediation module where the conditions are Hosts = Asset group (Windows Server 2012, as an example) and then attach the dynamic search list for the vulnerability? Again I am not sure if this would work, but thinking through the logic it might?
Hmm Landry, I don't believe they have Operating System as an option within the Search List functionality (which you should contact Qualys about and maybe put in a feature request?). But I think there is still a way to do this, though it might be a little clunky.
I have a theory, but unfortunately I am swamped at work today so I don't have time to test and verify. I don't see why it couldn't work, though.
You could do an Asset Search on all of your devices for a specific Operating System (scanned in the last x days, depending on when you run your scans). Then, once that search has completed, check all of the IPs, go to Actions, and create an Asset Group on all of those devices (calling it something like Windows Server 2012 found in the last x days). Once you have that asset group, you have all devices with a specific OS in one group. Now you would go create a dynamic search list using the criteria you want for the QIDs. Then create a report template with that asset group using the search list you just created, and voila. You now have hosts with the specific operating system with your dynamic search list.
Hope that helps
That would be an excellent tracking workaround if I wanted to report against those assets. But I want to use it in a remediation process by creating a rule that will be using that search list. For instance, after a scan, if an asset with a specific OS is found to be vulnerable to QID xyz, then the remediation rule will create a ticket or ignore the vulnerability depending on how I set up the rule.
Yep. It worked. I created an OS-based search tag for the hosts, then a static search list for the QID xyz, and finally merged both lists in a remediation rule.
Thanks a lot for your help!
Woo Hoo glad it worked!