Reporting Toolbox: Reporting Best Practices FAQ

Document created by DMFezzaReed Employee on Dec 7, 2018Last modified by Robert Dell'Immagine on Mar 18, 2019
Version 8Show Document
  • View in full screen mode

The page provides a fluid documentation resource for Reporting Best Practices within the Qualys suite of products.

 

Functional Reality & Purpose

Some considerations...

  • Qualys UI Reporting is intended to generate human-readable reports, not for exporting every vulnerability from a subscription
  • Qualys UI Reporting is not designed for large scale data exports. Qualys provides APIs for large data exports e.g. exporting every vulnerability from a subscription. To learn more, view the latest API documentation.

 

The art of creating useful, human-readable reports (easy to read, understand, and prioritize) is accomplished by leveraging Host Based report templates configured with

  • targeted asset groups and/or tags (avoid All group), and
  • leveraging focused search lists and/or queries

 

Reporting - It's all about the plan

 

Tiered ReportingC-Level, VP-Level, D-Level, Manager, Technical SME-Level
Lines of Business within your OrganizationCorporate, Subsidiary, Divisional, Regional, Branch
Infrastructure/Network SegmentsInternal/External/DMZ, OnPrem/Cloud, Production, Pre-Production, QA, Test, Development, Sandboxed
Technical/Remediation Team structure(s)Hardware/Software/Out-of-Band (Mgmt XFace), Operating System, Application, Database, Network, Server, Client Endpoint, Wireless, Internal/External/DMZ, Web Apps, Appliance, Physical, Virtual, Domains, etc.

 

Reporting - Tips for Success

 

Align your reporting search lists with Client Security policies, standards and guidelines.
Reporting routine should coincide with scanning routine - if you scan weekly, report weekly.
Maintain a consistent reporting structure over time for improved trending results.  
Reports always collect the most recent scan results; therefore, purging outdated (obsolete) host scan results data is critical.
Engage report consumers frequently and assess how reports can be best aligned with maintenance processes.
Focused Host Based reports are much more efficient than Scan Based reports.
Use Our New Dashboards! Click here to learn Dashboarding Best Practices.  
Dashboards are interactive reports…so there's no need to change the approach between reporting and dashboarding schemas.
Consider leveraging the Qualys API to create a hybrid report archival program.
Take advantage of Qualys API integrations (e.g. Splunk)

 

Common Reporting Questions

 

What is the maximum number of Assets I can generate a report on?

There's no hard limit on the maximum number of assets that can be reported on. Primarily it is the number of assets and the number of detections associated with those assets that affect the report generation. For example, a report on <N> assets may generate successfully if the scope of detections is limited to only severity 5 vulnerabilities. But a report with same asset scope may fail if all vulnerabilities are requested.

 

What are the factors that may lead to Report generation failure?

The 2 key factors that impact the success rate for report generation are:
1) the amount of data the Qualys Cloud Platform has to process, and
2) the amount of data that has to be published on the output file

 

Let's consider this report example:
Say you'd like to create a Report including a Trending Graph. The graph in the report does not increase the size of the output file by much, but the amount of transitional data for each detection for each asset the Qualys platform has to process to build that Trending Graph increases by many folds. Further, if detections have a long history with high volume of transitions, the Qualys platform now has to process a lot more data for the same number of detections. This could severely impact the success rate for report generation.

 

Suggestion: Reduce the trending period and/or apply vulnerability filtering and/or apply asset filtering. All these actions will reduce the data the Qualys platform has to process and increase the success rate.

 

 

Reporting Resources

 

Reporting on Qualys Community

Easily get helpful tips for finding topics of interest. You can use labels to find posts related to Dashboards, Qualys Query Language (QQL), how-tos and ideation.

 

Sign up for our Self Paced Training

Our Reporting Strategies and Best Practices self-paced training course gives you Qualys product expertise and tips on reporting and dashboarding.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Back to Dashboards and Reporting Resources - Start Here 

Attachments

    Outcomes