• Quick Start Guide for the Qualys API (Postman Edition)

    Hello everyone!   This tutorial and Postman collection is designed to help users get started with the Qualys API quickly and easily. This example is based on the common request around exporting VM data. Please p...
    Laura Seletos
    last modified by Laura Seletos
  • Centrify and Qualys authentication

    Thought I'd share this as I've spent the last few days tracking down why authentication was not working the way we expected.   Our organization uses Centrify to manage privileged authentication and use it for ac...
    William Wingert
    last modified by William Wingert
  • Policy Compliance - Custom Controls

    Has anyone else created custom controls within the Policy Compliance module?  It seems limiting and not very straight forward.   When creating a simple registry check it seems I need to select all the ...
    last modified by theone2018
  • PCI Guidance for SSLv3 and Early TLS issues with Mitigation & Migration Plans

    Per PCI Council guidance, vulnerabilities related to SSLv3 and TLSv1.0 / TLSv1.1 which cannot be fully remediated currently can be approved via a False Positive Request so long as the merchant provides a statement con...
    Bernie Weidel
    last modified by Bernie Weidel
  • Feature Request: Allow API-based access to the Qualys PCI app

    External PCI scans should be a set and forget service unless there are findings that are non-compliant. Right now we have to check whether any of our internet-facing IPs have changed, enumerate all the new ones and th...
    Far han
    last modified by Far han
  • SSLv3 & Early TLS in PCI 3.1 – Mitigate Now / Migrate Later

    -Update- Please see the latest news from the PCI Council on this topic published 12/18/2015 which extends migration dates to 2018:Date Change for Migrating from SSL and Early TLS -Update-   In April 2015 the P...
    Bernie Weidel
    last modified by Bernie Weidel
  • NEW PCI DSS v3.2 & Migrating from SSL and Early TLS v1.1

    SSL & Early TLS vulnerabilities such as QID 38628 “SSL/TLS Server supports TLSv1.0” will be marked as a Fail for PCI as of November 1st, 2016 in accordance with the new PCI DSS v3.2.  For existing...
    Bernie Weidel
    last modified by Bernie Weidel
  • QID 42432 - Possible Scan Interference

    QID 42432 Possible Scan Interference was recently added to Qualys due to increased focus by the PCI Council. The detection is usually triggered when no http services are identified on common web service ports, such as...
    Bernie Weidel
    last modified by Bernie Weidel
  • SAQ version 3.0

    As of 2015, Qualys PCI will no longer host online versions of the Self-Assessment Questionnaire (SAQ).  The SAQ section in Qualys PCI will direct Merchants to the SAQ v3.0 download page at the PCI Council's websi...
    Bernie Weidel
    last modified by Bernie Weidel
  • Postman Quick Reference and Cheat Sheet

    As most of you know I recommend Postman over dealing with curl and found this little gem today:   The Postman Cheatsheet & Quick Reference Guide - Community showcase - Postman 
    Jeff Leggett
    last modified by Jeff Leggett
  • AI not showing any data in dashboard

    We have AI and when I open it all the dashboards/widgets are blank, I added tags (we are already using in AV) and selected everything and tried every dropdown there is but nothing, anyone else have the issue?
    De Witt Tromp
    created by De Witt Tromp
  • User account password expiration exclusion

    Currently the user account password policy is subscription-wide and no account may be excluded from them. I along with others have presented API and reporting scenarios to justify excluding certain accounts from pas...
    last modified by apedret
  • SambaCry Inquiries from Qualys customers: CVE-2017-7494

    Based on a client inquiry, the vulnerability management product team confirmed that no Samba code is installed on any physical, virtual, internal or perimeter scanners. The scanner OS (CentOS based) does not have any ...
    Mark Butler
    last modified by Mark Butler
  • How to get >A on IIS (Windows 2016>)

    I have tried MULTIPLE ways of trying to get better than an A on an IIS site (windows 2016 or Windows 2019), but the best I can score is A. I have used the most current version of IISCrypto to manage the settings. Ho...
    Shane Rzip
    last modified by Shane Rzip
  • Launching Report doesn't work for scanner/reader API but works for manager.

    Per the permissions chart below: User Roles Comparison (Vulnerability Management)    A reader should be able to launch reports. In fact, you can even designate specific report templates to people otuside o...
    Eric Rubin
    last modified by Eric Rubin
  • All Qualys-owned websites should score perfectly in the SSL Labs SSL Server Test to have an ideal case as a reference

    To set the example for others, I feel that both qualys.com and ssllabs.com should be improved so that they represent the ideal websites when scored by the SSL Server Test (Powered by Qualys SSL Lab...
    Kenneth Barber
    last modified by Kenneth Barber
  • FreeBSD Stackclash

    QID 370433 is detected on all my BSD hosts, all of which are 11.2-RELEASE-p4 or later. I have downloaded all the PoC code from ExploitDB and tested it against these hosts and have seen no evidence of privilege escalat...
    Rick Chisholm
    last modified by Rick Chisholm
  • Firefox, Safari, Edge and Chrome deprecated TLS 1.0 and TLS 1.1. Protocols will be removed from browsers beginnig of 2020.

    Yesterday, October 15th 2018, Microsoft [1], Mozilla [2], Apple [3] and Google [5] all at the same time announced deprecation of TLS 1.0 and TLS 1.1. This two protocols will be removed from browsers beginning of year ...
    last modified by j-mailor
  • QID 90126 - Pending Reboot

    I am curious if Qualys only looks for one value in the registry to determine if a system is "pending reboot".  Per the description, and based on what I have seen in my environment, this is all I ever see reported...
    last modified by adamc
  • Oracle 12c - Unified Auditing

     A lot of the Traditional Auditing is covered by CIDs 12619, 12620, 12621, 12622, 12623 and 12624 when using Unified Auditing. However, there is one in particular that I am having trouble...
    K C
    last modified by K C