• Query assistance

    Widgets Widgets I love Widgets...    Looking to see if anyone else worked through this in the past.  We have exceeded the 4096 limitation on the widgets in the assetview module.  Before you say it...
    Kevin Ryan
    last modified by Kevin Ryan
  • Update Best practices, prioritize GCM over CBC

    As you are aware windows 10 prioritizes GCM over CBC, even TLS_RSA GCM over ECDHE_ECDSA CBC. Feburary 8 2019: "Craig Young, a computer security researcher for Tripwire's Vulnerability and Exposure Research Team, f...
    Ty V
    last modified by Ty V
  • CVE-2019-0232 - Apache Tomcat

    Hello all,   Yesterday,CVE-2019-0232 was announced by Apache Tomcat (https://tomcat.apache.org/security-7.html) & (https://gbhackers.com/apache-tomcat-security-vulnerability/).   I've tried to search f...
    last modified by phillk
  • Assessment failed: Unable to connect to the server

    Why we are a getting error"Assessment failed: Unable to connect to the server" issue? what does this issue mean?  I have checked my SSL of the TLS 1.2 is supported and my windows server firewall is disabled....
    surya rao
    last modified by surya rao
  • Using SNMP for authenticated scanning

    Is SNMP read only access sufficient to run an authenticated scan against Cisco networking devices ?
    Stoyan Neikov
    last modified by Stoyan Neikov
  • Anyone having issues auto-updating to the new Windows Cloud Agent 3.0?

    Hello Qualys Community,   Qualys updated all PODs on Monday with the new Windows Cloud Agent 3.0.  We have our auto-updating turned off except for some test machines when a new agent comes out.  It has...
    Rusty Qualyz
    last modified by Rusty Qualyz
  • Enabling - Agentless Tracking

    Greetings all.  I am looking to see if anyone has any words of wisdom here. I am currently scanning by IP, but I am getting the duplicate issue.  So I am looking at enabling Agentless Tracking to help remov...
    John Sponheimer
    last modified by John Sponheimer
  • QID for CVE-2019-9730

    This CVE was created in monday (http://jackson-t.ca/synaptics-cxutilsvc-lpe.html) but Quays does not have it on it DB.   Do i need to  open a ticket to have it added to the qualys Knowledge base
    Alvaro Higuero
    last modified by Alvaro Higuero
  • WAS Engine 6.6 Released

    Hello all -   WAS Engine 6.6 has been released to all Qualys platforms including private cloud platforms.  This release is part of our ongoing effort to continuously improve the WAS scanning engine.  T...
    Dave Ferguson
    last modified by Dave Ferguson
  • Anyone Scanning RHEL 6.9 Hosts?

    We are having issues with vulnerability detection on our RHEL 6 estate, wondering if anyone else is scanning any RHEL 6 boxes on a regular basis?
    Dan Leate
    last modified by Dan Leate
  • SOAP APIs not crawled even when WSDL is specified as explicit URL

    Hello,   I am trying to scan an ASP.NET web service (.asmx). Here are the steps I followed and the observations -   After configuring the application, ran a discovery scan and did not see the WSDL being re...
    Aarthi Sriraman
    created by Aarthi Sriraman
  • POST Rest APIs not getting crawled - WAS

    Hello,   I have been trying to configure a bunch of GET and POST requests in Qualys. Here are the steps I have followed -   Configured Postman to use BURP proxy. Used Postman to run the APIs that I want to...
    Aarthi Sriraman
    last modified by Aarthi Sriraman
  • Suggestions for the SSL and TLS Deployment Best Practices update

    I noticed with some surprise that https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices hasn't been updated since May 2017, as I would have expected that it keeps up with the rating criteria. ...
    Karl Ewald
    created by Karl Ewald
  • Invalid 0-RTT detection

    ssllabs test   "0-RTT enable    No"   But if I check in other ways:   а)   Checked using the program under the python3 - sslyze 2.0.3   python3 -m sslyze --early_data www.b...
    Alexander Falaleev
    last modified by Alexander Falaleev
  • Unable to connect to the server

    SSL Report: www.mysextoys.ru ( Assessment failed: Unable to connect to the server     Why? On https://dev.ssllabs.com/ everything OK.
    Игорь Соколов
    last modified by Игорь Соколов
  • Question about - Notes on the Networks Feature

    Hello,   Wondering if a lot of people have used the Networks feature.  I have read Martin's article and wanted to know, once I assign a scanner, is that scanner dedicated to that network and that network al...
    Rusty Qualyz
    last modified by Rusty Qualyz
  • Notes on the Networks Feature

    Introduction The Networks feature is a capability in the Qualys portal that must be enabled on a customer-by-customer basis. The Networks feature is intended to allow customers to solve issues related to overlapping a...
    Martin Walker
    last modified by Robert Dell'Immagine
  • Proper method for a full TCP/UDP Port Mapping

    Hello All!   I am not experienced with Qualys and am having problems figuring out how to perform a full TCP and UDP port scan on a group of hosts. I read that a PCI scan will do a full port scan by default, but ...
    Richard Feldmann
    last modified by Richard Feldmann
  • Authenticated scans for Linux

    I was asked what exactly Qualys do during authenticated Linux OS scan. For what kind of actions he needs elevated privileges? Can someone redirect me to any documentation with answer to this question please?   T...
    last modified by lukcem
  • 150081 X-Frame-Options header is not set

    Anyone have any ideas on why Qualys would be saying that we have this error: 150081 X-Frame-Options header is not set But when I look at the headers using a chrome extension for this url I see this which seems to ha...
    Greg Mercer
    last modified by Greg Mercer