Creating dynamic search lists for Missing Patches or EOL software and OSes is quite easy to establish within Qualys, but how about other important categories?
Missing Patches – can be fixed by Patching
EOL – systems or software that are not maintained anymore
Credentials – systems or software that use a default, a known or no password at all
Broken Cryptography – systems that use broken cryptography or no cryptography at all
SSL Hardening – often related to disabling of deprecated or flawed cryptographic algorithms.
Search lists for Patching are quite easy to configure, and for EOL it is just filtered by Vulnerability title. But there is no common naming convention that I can look for in the others.
Manually collecting the QIDs based on CVE numbers is quite an effort.
Is anyone else seeing the same issue?