Can you please explain the steps behind a scan Qualys VM and is there any impact on the servers?
Also, what type of account does Qualys needs in order to perform authenticated scan on the servers?
A local Admin, or Domain Admin account is what's recommended for Authenticated scanning. If the account used is limited in any way the scan will simply not be able to do a full assessment of the hosts.
For your first question about Qualys VM, I recommend Qualys Vulnerability Management Video Series, especially the video titled "Scanning - How it Works". For your second question, I recommend the Qualys Policy Compliance Video Series, especially the two videos on trusted (i.e. authenticated) scanning.
Thank you for the reply. I’ve gone through the videos and conclude the following:
Steps during Qualys Scan -> Answered
However for my second question, i didn't really got my answer. (I apologise for unmarking your reply as the correct answer)
what type of account does Qualys needs in order to perform authenticated scan on the servers?
Infact, what I meant by this question is that:
Thanking you in advance and awaiting for your reply.
Retrieving data ...