I've been using Qualys to search environments for vulnerabilities, however there are parts of my network Qualys cannot reach. I want to use a manual vulnerability process for the hosts within this part of the network. To do that, I want to send vulnerability alerts to my operations team so they can use their discretion to determinate if the vulnerability does exist on those hosts.
My question: Is Qualys a comprehensive and reliable source of security advisories? I mean.. if I use newly added Qualys QIDs to advise my operations team, will I be ignoring vulnerabilities? How about zero-day vulnerabilities?
Do anybody do this?