Vulnerability reports can provide information for both, which is great, but my intent is to have dedicated resources focus on configuration changes and testing of made changes. I prefer to provide them with a stream lined list.
Vulnerability reports can provide information for both, which is great, but my intent is to have dedicated resources focus on configuration changes and testing of made changes. I prefer to provide them with a stream lined list.
To add to what Shyam stated above....
If you want to only send display specific vulnerabilities, Qualys has "search lists" that you can create (static or dynamic in nature) which then you can apply has a filter for templates. This allows you to customize what is displayed in the reports.
Much like Shyam, I am not sure I fully understand the ask. If I was you, I would try to create two dynamic lists associated to two different reports that I have scheduled at whatever frequency you want them to go out. All about that automation.... If you can't figure out how to create the dynamic list, you could always do the static list and just manually update the list with new QIDs that need to be added periodically.
Hope that helps!
First off, thank you for your assistance and guidance. I have an explanation below in which I hope it clears up the topic.
Currently, I run Patch Reports weekly. This provides me with all the needed information, which is great. When reviewing the findings I have solutions for each vuln.
What I am trying to achieve is splitting the report into two categories: Configuration and Patches
Sounds like static lists will need to be the route you go... I don't know of a way to differentiate between those vulns to a point you could do it with a dynamic list.
Good luck.
I think I understand your ask, Dennis. At my current organization we have a similar need to categorize the vulnerabilities into "remediation buckets" such as Microsoft Patch, Third Party Patch, Secure Configuration, EOL/Obsolete, etc. The Search Lists that derekv mentioned can get you very close to solving this.
Fundamentally, you'll need to generate two separate reports, with a filter applied to each one. The Search List will be that filter. You'll need to create one Dynamic Search List with the "Patch Available" checkbox selected; and another Dynamic Search List where you check "No Patch Solution." This should get you close to the two basic categories you need.
Then apply that Search List as a Filter in your Scan Report Template:
Note that "No Patch Solution" doesn't equate 100% to "configuration issue," but it's about as close as you can get using only Qualys filters. At least all configuration issues should be included with this filter selected, though you'll also see other issues such as EOL/Obsolete software, no patch available, etc.
We do further post-processing outside of Qualys with Python scripts and Regular Expressions to hone in on our more precise categories.
Thank you all for the additional information about a viable solution.
Can you explain further? I didn't understand the use case well.
If you're looking for a report that only focusses on patches, there are multiple options.
One is Reports > Reports > New Patch Report.
Other is to create a new template: Reports > Templates > New Scan Template > Display tab > Enable "patches and workarounds". Then run your report on this template.
Does that help?