I’m looking to create a scan list that can scan against the current SANS top 10 or 20 Vulnerabilities. Is there an easy way to create this list and get the QIDs? It looks like the current SANS 20 Search list references the 2008 SANS 20 vulnerabilities - Does anyone know how to change this?
SANS has not released a Top-20 report since 2007. It's been superseded by the Top Cyber Security Risks report, aided by our own Wolfgang Kandek. The TCSR report is more of a "state of the threatscape" report, rather than a list of top vulnerabilities to scan against.
If you're looking to limit the scope of what you're scanning for, I'd recommend using the default option profile, but only reporting against high severity vulnerabilities.
One focused scan/report that I have been recommending to customers is using the new "ExploitKits" filter. In that filter our Vulnerability team has tagged 58 vulnerabilities that are used in commercial Malware kits that are available on the black market. The resulting report is geared towards client side vulnerabilities in OS, browsers and browser plug-ins that are used to propagate mass malware and is very practical for a fundamental security scan. You will need to run authenticated scans to get access to the needed information.
To set up the filter look under "Search Lists - New - Dynamic List" and select "ExploitKits" from the "Exploitability" section.
I have put up more information in a blog post here: https://community.qualys.com/blogs/securitylabs/2011/05/24/good-software-hygiene--new-tool-in-qualysguard
Tom - what I would do is create search lists that have the criteria I want to check against and while in the search list edit screen, use "Test" to determine what QIDs are flagged for that specific check. For example, if I select ExploitKits, then press Test, I will see what QIDs are filtered by that choice.
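As an added example (not code from this thread or from Qualys): a small Python script that pulls exploit-kit-correlated QIDs out of a KnowledgeBase XML export offline, applying the two points raised above, reporting only higher severities and flagging which checks need an authenticated scan. The element names and the sample entries are assumptions modelled on the shape of a KnowledgeBase export, not copied from a real one.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like a QualysGuard KnowledgeBase XML export.
# Element names are assumptions and are not taken from the thread; verify
# them against a real export before relying on this filter.
SAMPLE_KB_XML = """<KNOWLEDGE_BASE_VULN_LIST_OUTPUT><RESPONSE><VULN_LIST>
<VULN><QID>100001</QID><SEVERITY_LEVEL>4</SEVERITY_LEVEL>
  <TITLE>Browser plug-in code execution (constructed)</TITLE>
  <DISCOVERY><REMOTE>0</REMOTE>
    <AUTH_TYPE_LIST><AUTH_TYPE>Windows</AUTH_TYPE></AUTH_TYPE_LIST></DISCOVERY>
  <CORRELATION><MALWARE><MW_LIST><MW_INFO>
    <MW_ID>kit-A</MW_ID><MW_TYPE>Exploit Kit</MW_TYPE>
  </MW_INFO></MW_LIST></MALWARE></CORRELATION></VULN>
<VULN><QID>100002</QID><SEVERITY_LEVEL>5</SEVERITY_LEVEL>
  <TITLE>Server service overflow (constructed)</TITLE>
  <DISCOVERY><REMOTE>1</REMOTE></DISCOVERY>
  <CORRELATION><EXPLOITS><EXPLT_SRC><SRC_NAME>public</SRC_NAME>
  </EXPLT_SRC></EXPLOITS></CORRELATION></VULN>
<VULN><QID>100003</QID><SEVERITY_LEVEL>2</SEVERITY_LEVEL>
  <TITLE>Office file parser bug (constructed)</TITLE>
  <DISCOVERY><REMOTE>0</REMOTE>
    <AUTH_TYPE_LIST><AUTH_TYPE>Windows</AUTH_TYPE></AUTH_TYPE_LIST></DISCOVERY>
  <CORRELATION><MALWARE><MW_LIST><MW_INFO>
    <MW_ID>kit-B</MW_ID><MW_TYPE>Exploit Kit</MW_TYPE>
  </MW_INFO></MW_LIST></MALWARE></CORRELATION></VULN>
</VULN_LIST></RESPONSE></KNOWLEDGE_BASE_VULN_LIST_OUTPUT>"""


def exploit_kit_qids(kb_xml, min_severity=1):
    """Return [(qid, severity, needs_auth)] for QIDs correlated with an
    exploit kit and rated at or above min_severity, sorted by QID."""
    root = ET.fromstring(kb_xml)
    found = []
    for vuln in root.iter("VULN"):
        kit_types = {m.text.strip().lower() for m in vuln.iter("MW_TYPE") if m.text}
        if "exploit kit" not in kit_types:
            continue  # no exploit-kit correlation: not part of this list
        sev = int(vuln.findtext("SEVERITY_LEVEL", "0"))
        if sev < min_severity:
            continue
        # REMOTE=0: the check only fires during an authenticated scan
        needs_auth = vuln.findtext("DISCOVERY/REMOTE", "1").strip() == "0"
        found.append((int(vuln.findtext("QID")), sev, needs_auth))
    return sorted(found)


def format_search_list(entries):
    """Comma-separated QID string, suitable for pasting into a static search list."""
    return ",".join(str(qid) for qid, _, _ in entries)


if __name__ == "__main__":
    hits = exploit_kit_qids(SAMPLE_KB_XML, min_severity=3)
    print(format_search_list(hits))
    for qid, sev, auth in hits:
        print(qid, "sev", sev, "authenticated scan required" if auth else "remote")
```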