We are in the process of disabling/deleting/banning Java from the network. My boss wants me to use Qualys to search for hosts with Java so we can get rid of it. Is this possible and if so how do I go about setting up that scan?
Are you currently scanning the network? If so, are you performing an Authenticated scan? If you are, it should be as easy as setting up a search list with some informational QIDs that show Java is installed and then attaching that search list to a report template.
For example take a look at the following QIDs:
45192 - IBM Java Detected On Target Host (works on both Windows or Unix)
45125 - Java Version Detected (Unix only)
45095 - Sun Java Runtime Environment Installed (Windows only)
Thanks, I'll give that a try. The answers to your questions are yes and yes. I was tinkering around a little with search lists but never implemented anything with them, so I'll work on that.
On the report template you go under the filter tab, do selective vulnerability reporting, custom, then add your search list there. Also, on that same tab, don't forget to scroll down and, under State, check mark "Information Gathered Active" or else nothing will appear.
OK, where in the search do you input the QIDs, and where can I find which QIDs are which? Does that make sense?
Ok I see. I was doing a dynamic search.
Yeah, the dynamic search would be useful, say, if you wanted to grab multiple QIDs and QIDs that might be generated forward that have the same title (example: Heartbleed Bug).