AnsweredAssumed Answered

Dynamic search lists other than Patching and EOL

Question asked by ahamm on Apr 20, 2018
Latest reply on Jun 21, 2018 by ahamm

Creating dynamic search list for Missing Patches or EOL software and OS’s is quite easy to establish within Qualys, but how about other important categories?

Missing Patches – can be fixed by Patching

EOL – systems or software that are not maintained anymore

Credentials – systems or software that uses a default, a known or no password at all

Broken Cryptography – systems that use broken cryptography or no cryptography at all

SSL Hardening – often related to disabling of deprecated or flawed cryptographic algorithms.

Configuring search lists for Patching is quiet easy to configure and for EOL just filtered by Vulnerability title. But there is no common naming convention that I can look for the others.

Collecting manually the QUID’s based on CVE numbers is quite an effort.

Does anyone else seeing the same issue?