AnsweredAssumed Answered

Exploit Pack Correlation

Question asked by QM_SSJ4 on Nov 15, 2012
Latest reply on Jan 16, 2013 by QM_SSJ4

Something I find my self doing a lot lately is correlating CVE-ID's to QID's to SearchLists to Reports to measure exposure to the Risks they represent. I know Qualys has some automatic exploit pack correlation and assume all the non-specifc one's are under the generic 'Exploitpacks' correlation but sometimes I need something very specifc to determine exposure to a specific Threat. I also understand the challenege with including them all but am wondering if their is a better way to keep my reports up to date than contininuously adding more/new CVE-ID's to existing Static Search Lists.

 

Maybe a Semi-Static Search list that allows you to add a list of CVE-ID's and Qualys will automatically update with QID's as more are correlated?

Current Dynamic Lists appear to only let you have a single/limited CVE-ID in it else you get an error when attempting a comma separated list.

Outcomes