One team is responsible for OS level patching another team is responsible for software patching...I need to separate the 2...
Yes, you can do this with search lists.
Create a search list for the software's you're interested in and another for the operating systems.
KnowledgeBase > Search Lists > New Dynamic Search List
Next, create different templates for different search lists.
Reports > Templates > New > Scan Template
Now, run the report using the different templates - you'll have different sets of vulnerabilities.
Thank you for the reply that does help some, however I am interested in any and all software...so I checked "Not" and found as many Windows Server OS as possible. But I am still seeing OS level vulnerabilities in the report...
Are you also seeing software and OS on different ports as well? That is something we ran into. Qualys does not have the capability yet to separate OS level vulnerabilities from application vulnerabilities as well as separate them by port.
You can make remediation rules to create Qualys tickets for certain teams using those search lists above, however, there is no product or category called "None" which are a lot of the vulnerabilities are classified as. We had to create our own process using Qualys data through the API and created reports using the ticketing data. This way only we could get one vulnerability to show up on one report. The built-in scan reports do not give this functionality.
Retrieving data ...