I am new to Qualys and have been spending the past week on the Qualys site learning and absorbing as much as I can.
We recently generated a scan that served its purpose in identifying vulnerable items in our systems.
During a meeting I was asked to identify the Top 10 Mis-configuration Mistakes for our systems after identifying some clients where the adminsitrator account may not expire or windows accounts with unchanged passwords.
A couple of questions...
Will such configuration mistakes be listed only as vulnerabilities? Is there a way to distinguish them?
Any assistance would be much appreciated even if it is to point me in the right direction.
If possible I am also interested in identifying the # of clients affected and their computer names.