• SambaCry Inquiries from Qualys customers: CVE-2017-7494

    Based on a client inquiry, the vulnerability management product team confirmed that no Samba code is installed on any physical, virtual, internal or perimeter scanners. The scanner OS (CentOS based) does not have any ...
    Mark Butler
    last modified by Mark Butler
  • User account password expiration exclusion

    Currently the user account password policy is subscription-wide and no account may be excluded from them. I along with others have presented API and reporting scenarios to justify excluding certain accounts from pas...
    apedret
    last modified by apedret
  • FreeBSD Stackclash

    QID 370433 is detected on all my BSD hosts, all of which are 11.2-RELEASE-p4 or later. I have downloaded all the PoC code from ExploitDB and tested it against these hosts and have seen no evidence of privilege escalat...
    Rick Chisholm
    last modified by Rick Chisholm
  • QID 90126 - Pending Reboot

    I am curious if Qualys only looks for one value in the registry to determine if a system is "pending reboot".  Per the description, and based on what I have seen in my environment, this is all I ever see reported...
    adamc
    last modified by adamc
  • Dashboards and Visualizations

    I am surprised Qualys does not offer a Dashboard feature that would allow data/metrics to be shown on screens like on SOC floors etc.  From what I can see, we are limited to the general VM and the AssetView ...
    adamc
    last modified by adamc
  • Null Sessions: QIDs 70003 vs 90044

    Hi all,   Qualys flags a lot of my assets with the QID 90044 (Allowed Null Session) and only a few of them with the QID 70003 (Null Session/Password NetBIOS Access).   QID 90044 checks if th...
    Albert Ros
    created by Albert Ros
  • Deactivated Reports and now Scans

    Hi, two weeks ago I observed scheduled reports becoming deactivated, and today I see that scans are being deactivated all by themselves.  #144629 has been added to with scan details.   Anyone else observing...
    Chalky_White
    last modified by Chalky_White
  • What are scenarios in which one should purge an asset and one shouldn't?

    After an asset has been purged, and later it is needed to scan the asset again, do the asset needs to be subscribed again to Qualys?
    Gaurav Kumar
    last modified by Gaurav Kumar
  • Anyone on US Platform 2 willing to share what scanner version and signature versions?

    I am just trying to see if there is an issue or not. We have two different physical appliance models, QGSA-3120-A1 and QGSA-4120-A1.   Our 3120 appliances are at scanner version 10.1.30-1 and the signatures are ...
    psaux
    last modified by psaux
  • Scanner Activity Graphic Script

    As a number of people have requested this I'm making my old shell script to create PNG graphics to show SA activity available here. I'm no programmer and Eric would likely code this in half the text but here it is any...
    Damian OHara
    last modified by Damian OHara
  • Sub Forums - Windows Server, Linux Server, Cisco Ironport

    If we have a sub forum for common operating system or other hardware like cisco ironport, then it would be easy to contribute. As an infrastructure security professionals we could contribute to the wider community and...
  • Automated Asset Discovery?

    Hello and I am looking for any updates on how to automate asset discovery.  I think most customers use the MAP feature and then look for anything not in the subscription yet.  However, I am looking for hopef...
    Rusty Qualyz
    last modified by Rusty Qualyz
  • Windows Updates Requiring Registry Configs

    This seems to be a current topic of interest by some of the members.     These are the MS updates requiring registry configurations that I am aware of.  
    adamc
    last modified by adamc
  • How to Setup SSH Keys instead of Passwords for Linux Servers

    Note: Workflow detailed by mwalker Step 1: How do I generate an ssh key pair: Windows Mac OS Linux Step 2: How do I distribute my Public Key The public key to be used for Unix authentication needs t...
    Laura Seletos
    last modified by Laura Seletos
  • Open SSL vulnerability  QID: 38626 CVE ID: CVE-2016-2107

    Hi Team,   I am getting Open SSL vulnerability in Windows server, when I researched found that in Windows server  not use OpenSSL but found "ssleay32.dll " file use OpenSSL, uses many applications...
    shivaprakash T
    last modified by shivaprakash T
  • False positives

    I have a hundreds of Centos 6 boxes showing as unpatched for stack clash. However they have been patched. rpm -q -changelog kernel-2.6.32-696.6.3.el6.x86_64 - [mm] enlarge stack guard gap (Larry Woodman) [1452729 145...
    neilc
    last modified by neilc
  • QID 370410 - Sudo_get_Process_ttyname() - AIX Impact?

    Hi,  Does QID 370410 affect AIX servers ? . As far as i am aware, this vulnerability is specific to Linux Systems and all the resources / CVE pages have listed different distro's of Linux as impacted but not AIX...
  • Vulns from Shadow Brokers

    QID -   TITLE   87284 - Microsoft Internet Information Services 6.0 Buffer Overflow Vulnerability - Shadow Brokers (EXPLODINGCAN) Zero Day    ISSUE:  this only detects for IIS, not if t...
    adamc
    last modified by adamc
  • Scanning a Palo Alto PAN Firewall

    Hi all,   Is it possible to scan a Palo Alto Firewall with Vulnerability Managemenet using credentials? I haven't seen any vulnerability related to Palo Alto in the KnowledgeBase.   Thanks in advance.
    Albert Ros
    last modified by Albert Ros
  • Detecting network congestion

    Are there any suggestions for determining when/if scans are being impacted by network congestion?  I see some time outs for QID 105053 "Unix Authentication Failed" and suspect network congestion as the culprit.&#...
    Private Username
    last modified by Private Username