AnsweredAssumed Answered

Patch Report doesn't match system data?

Question asked by horizon on Apr 7, 2020

I'm at a loss. To try and clear out bad data in the system, I finally made the call to just purge all ip-tracked hosts and let the scans run to fill the data back in. The trending data was garbage, so I didn't lose anything, and I was hoping I'd have good data afterwards. Instead, I'm finding the same problems. Here's an example:

 

Patch report shows 500+ devices with qid 100294, MS16-095. Old vulnerability, would like to blow it out. Patch report csv shows hostnames as well. One host, let's call it BillJohnsonDesktop, is listed in the by hosts section of the report as having this qid. Asset search in the system for BillJohnsonDesktop, pull up the host, check the vulnerabilities...it's not there. It doesn't have that vulnerability according to the host page. SusanJohnsonDesktop? Pull that one up. Also doesn't show the vulnerability. OK. Search for assets in the VM module that have QID 100294? Nothing. Zero hosts. Make an asset view widget for fun? Nothing. 

 

No matter how I slice it, when I search this QID in the system, I show zero hosts. When I pull up hosts that the patch report shows as having it, they say they don't. Is there any place that I can get consistent data or is this just the way things are with Qualys? Because I'm looking at other tools and I'm wondering if this is turning in to an emergency given the current climate. Please help, I'll take any steps, screenshots, whatever is recommended to me. Right now I can't say with any confidence what vulnerabilities I actually have.

Outcomes