Not that it's atypical of companies, but the company I work for is EXCEPTIONALLY nervous when it comes to vulnerability scanning--and especially scanning. Consequently, getting approval to beef up the scan profile used to improve vulnerability detection, and scan completion during the allotted window is a constant challenge.
My understanding is that Qualys recommends discovery scans be performed before running vulnerability scans. My questions are--
1. Is it recommended that I have separate profiles for discovery scans and vulnerability scans?
2. If "Yes" then what should (generally speaking) be the differences between the profiles? For example, should/can the discovery scan profile have a higher performance setting, larger crawl space, not utilize SmartScan Support or Bruteforcing?
3. Have a different detection scope?
Any advice would be appreciated!