I was not entirely sure how to word this correctly. So I will give an example, as I saw some other that did this and cannot find them now. There were other items I had seen that enumerated contents of a QID...and were able to report back results from inside that enumeration in some way.
So I would start a very specific example to understand the logic around the query.
QID 45302 - Administrator Group Members Enumerated Using SID
This Qualys ID as far as I know, enumerates the Administrators Group in Windows servers.
I ran the following:
Vulnerability Management > Asset Search >
QID = 45302
Last Scan Date within 45 days (data that is fairly recent)
I get a report that has the following columns:
IP Address / DNS Hostname / NetBIOS Hostname / OS / QID / Tracking / First Found / Last Found
I clicked on the IP of the first server found and get a popup of it.
I goto Vulnerabilities / Information Gathered / Administratior Group Members Enumerated (I expand it)
In the RESULTS section I get: (obfuscated of course)
Administrators <servername>\local admin username
Is there a way to run a report and PULL all the administrators listed above for each server in some way? Pull that data out of the QID enumeration?