Good day. I need to make a report with vulnerabilities that were not fixed within 12 months.
How to do it?
In the next generation of asset tagging, Qualys query language (QQL) will be supported. Between now and then, the recommended workaround is to leverage the AssetView or new VM dashboard beta to identify these assets, as follows:
vulnerabilities.typeDetected:[Confirmed,Potential] and vulnerabilities.vulnerability.severity:[3,4,5] and vulnerabilities.status:[ACTIVE] and vulnerabilities.firstFound<now-365d
I am thinking you might do this with a groovy tag; I should be able to write this up if you want. Are you looking at a specific Severity level?
I know you could do this in Asset View quickly but you can build a report off of that query to my knowledge. We could write a TAG that just detects a vulnerability that is "Active" and number of days since detected > 365.
Once this is marked, the rest you should be able to do in the report template. I would need to test to verify, but if you're interested I will try to write something up.
Thank you for your response.
I am new to working in Qualys and it is still difficult for me to make such a report using TAG. If it's not difficult for you, show with an example how to perform such a task (TAG).
It must be 3,4,5 Severity level and vulnerabilities that are "Active" and number of days since detected > 365.
It is fantastic! Thank you very much!
Perhaps, you can tell me how to make a report from these results?
That is why I looked at the groovy TAG. What I have been waiting for is to put the Query that Debra did as the rule in a TAG. That would help on a lot of issues. I think Qualys is working on this but no telling the time.
Let me know if you are still interested in the TAG
I am interested in the TAG. But I don't get it about the rule in a TAG. What is "rule in a TAG"?
When you create a TAG each TAG can have a RULE as to how the tag is applied. You could have no rule and then it is basically you applying the tag to a specific asset.
What most people will do is create a TAG with a rule such as Network Range.
TAG: Internal Server
Rule Type: IP in Range
Ranges: 10.1.1.0/24, 10.1.2.0/24
Now the way this TAG called "Internal Server" would get applied is that on the next scan that involves any asset in the range in the rule the tag would be applied.
You can also do this with services, OS, etc. The expert on this is cpepper; he has some excellent articles on this.
You might get some coffee and look up: Asset Tags: Are You Getting The Best Value
TAGS are used extensively in the dash-boarding as well and can be used for scanning.