• Postman Quick Reference and Cheat Sheet

    As most of you know I recommend Postman over dealing with curl and found this little gem today:   The Postman Cheatsheet & Quick Reference Guide - Community showcase - Postman 
    Jeff Leggett
    last modified by Jeff Leggett
  • SambaCry Inquiries from Qualys customers: CVE-2017-7494

    Based on a client inquiry, the vulnerability management product team confirmed that no Samba code is installed on any physical, virtual, internal or perimeter scanners. The scanner OS (CentOS based) does not have any ...
    Mark Butler
    last modified by Mark Butler
  • Policy Compliance - Custom Controls

    Has anyone else created custom controls within the Policy Compliance module?  It seems limiting and not very straight forward.   When creating a simple registry check it seems I need to select all the ...
    last modified by theone2018
  • How to get >A on IIS (Windows 2016>)

    I have tried MULTIPLE ways of trying to get better than an A on an IIS site (windows 2016 or Windows 2019), but the best I can score is A. I have used the most current version of IISCrypto to manage the settings. Ho...
    Shane Rzip
    last modified by Shane Rzip
  • Launching Report doesn't work for scanner/reader API but works for manager.

    Per the permissions chart below: User Roles Comparison (Vulnerability Management)    A reader should be able to launch reports. In fact, you can even designate specific report templates to people otuside o...
    Eric Rubin
    last modified by Eric Rubin
  • User account password expiration exclusion

    Currently the user account password policy is subscription-wide and no account may be excluded from them. I along with others have presented API and reporting scenarios to justify excluding certain accounts from pas...
    last modified by apedret
  • All Qualys-owned websites should score perfectly in the SSL Labs SSL Server Test to have an ideal case as a reference

    To set the example for others, I feel that both qualys.com and ssllabs.com should be improved so that they represent the ideal websites when scored by the SSL Server Test (Powered by Qualys SSL Lab...
    Kenneth Barber
    last modified by Kenneth Barber
  • FreeBSD Stackclash

    QID 370433 is detected on all my BSD hosts, all of which are 11.2-RELEASE-p4 or later. I have downloaded all the PoC code from ExploitDB and tested it against these hosts and have seen no evidence of privilege escalat...
    Rick Chisholm
    last modified by Rick Chisholm
  • Firefox, Safari, Edge and Chrome deprecated TLS 1.0 and TLS 1.1. Protocols will be removed from browsers beginnig of 2020.

    Yesterday, October 15th 2018, Microsoft [1], Mozilla [2], Apple [3] and Google [5] all at the same time announced deprecation of TLS 1.0 and TLS 1.1. This two protocols will be removed from browsers beginning of year ...
    last modified by j-mailor
  • QID 90126 - Pending Reboot

    I am curious if Qualys only looks for one value in the registry to determine if a system is "pending reboot".  Per the description, and based on what I have seen in my environment, this is all I ever see reported...
    last modified by adamc
  • Oracle 12c - Unified Auditing

     A lot of the Traditional Auditing is covered by CIDs 12619, 12620, 12621, 12622, 12623 and 12624 when using Unified Auditing. However, there is one in particular that I am having trouble...
    K C
    last modified by K C
  • Running SSL Server test or equivalent for a smartphone app

    For the ordinary user (in other words, not an app developer), is there a way to run an SSL test on a smartphone app like the SSL server test at SSL Server Test (Powered by Qualys SSL Labs) or the BrowserChec...
    Bob Stromberg
    last modified by Bob Stromberg
  • Dashboards and Visualizations

    I am surprised Qualys does not offer a Dashboard feature that would allow data/metrics to be shown on screens like on SOC floors etc.  From what I can see, we are limited to the general VM and the AssetView ...
    last modified by adamc
  • Null Sessions: QIDs 70003 vs 90044

    Hi all,   Qualys flags a lot of my assets with the QID 90044 (Allowed Null Session) and only a few of them with the QID 70003 (Null Session/Password NetBIOS Access).   QID 90044 checks if th...
    Albert Ros
    created by Albert Ros
  • Community Members: Introduce Yourself

    Ok, I'll go first.   I'm Robert Dell'Immagine, and I manage Qualys Community (also Qualys.com, and I participate on social media as well).  I've been at Qualys for just over 3 years as I write this (Februar...
    Robert Dell'Immagine
    last modified by Robert Dell'Immagine
  • TLS 1.3 now final

    fyr https://tools.ietf.org/html/rfc8446
    last modified by Rob_T
  • Allow protocol choice on server check

    On the server SSL check, I would like to be able to specifcy "Check ipv4 servers" only, since the more servers that are checked, the longer the process takes.
    Douglas Foster
    created by Douglas Foster
  • Bulk Uninstall Agents (by tag name) via Postman

    I recently had a request to do a bulk uninstall of duplicate agents via the Qualys API. I set this up via Postman and have attached the export for anyone to use and modify.    NOTE: Please read the "Un...
    Laura Seletos
    last modified by Laura Seletos
  • Discussion: Non-expiring API Account in Qualys

    Discussion: How to set up a non-expiring API Account in Qualys.   Problem: Setting up the password expiration policy within Qualys is a subscription level configuration setting. This has been an i...
    Laura Seletos
    last modified by Laura Seletos
  • Policy Compliance - Detecting Qualys Cloud Agent is Installed

    Here is a sample policy for the Qualys Policy Compliance Module to reference detecting the Qualys Cloud Agent. Notes: You can use this template to detect other installed agents as well.  Please comment below w...
    Laura Seletos
    last modified by Laura Seletos