Can someone direct me on the right path on how to create an aging report within Qualys either via a report or via a dashboard or widget?
We would like to track QID's that have passed the 90 day mark and the 180 day mark. For this, we currently have created a small query externally from Qualys in our ticketing system (SCSM) were we track QIDs 1) over 90 days and less than 180 days (90-180) and then 2) QID's over 180+ days. We call this our aging report and use it to identify what needs further escalation.
The above reporting method uses the scan results based on the month the scan was conducted. For example,a scan done on July 2nd will be entered in SCSM as "July Scan QID 1234".
At this point as of 10/16/17, QID "1234" has aged more than 90+ days but less than 180 days. Once it goes 180 or over 180 days it will show in the aging of QID items that have aged over 180+ days.
I have yet to find a good way of doing this within Qualys. I have tried using the queries in Asset View and have created something like the below
vulnerabilities:(firstFound >now-4M and vulnerability.severity:"5" or vulnerability.severity:"4" or vulnerability.severity:"3" )
But this does not give a true age in terms of how many days have passed, it only gives me a visual presentation of items firstfound now going back 4 months. On top of that the "FirstFound" does not seem to be the correct identifier or filter parameter as a QID that was first found in January can be remediated in February and and then reappear in July or a QID that was first found in January and never remediated will continue to appear in the July scans. How do you adjust for this scenario then?
Any feedback would be appreciated.