AnsweredAssumed Answered

How to determine IF a server was scanned?

Question asked by Larry Rosen on Jul 26, 2017
Latest reply on Aug 2, 2017 by Tom Noorman

For a Qualys VM scan I've been having a "discussion" with our Qualys team about the data they supply me (I'm now in IT Security, but used to work closely with Qualys VM). We don't have direct access to Qualys, so rely on report that they have extracted into Excel. We break our systems down into "Services" and each service (Hosting, File/Print, etc) tends to have a fairly stable # of servers within them. Occasional up/downs for capacity, refreshes etc...

 

Here's my dilemma. I'll get a report that says "We scanned your 45 servers and here all the vulns we found" but the next month I'll get "We scanned your 35 servers.......". When I question the disconnect in server counts, I tend to get back "Well, if there are "0" issues found, it won't show up in the reporting". I would much rather see ALL servers to know the scans were successful vs being missed due to a server being down at scan time or something timing out or just typical short term network glitches....

 

What ability does Qualys have to show "all servers successfully scanned" without regard to actual vulnerabilities found?

 

Thanks.

Outcomes