AnsweredAssumed Answered

[Policy Compliance] Where to set "ignore errors" in the Policy Control?

Question asked by Jake VanMast on Apr 2, 2019
Latest reply on Apr 19, 2019 by Jake VanMast

In the Qualys API guide, under "Compliance Posture Information" (/api/2.0/fo/compliance/posture/info/?action=list), the output for "Compliance Status" is: "Passed, Failed, or Error.  An error, only assigned to a custom control, indicates control evaluation failed (and the ignore errors configuration option for the control was not selected).

 

For our (standard) CIS Linux 7, [v2.2.0] Policy, every week we see random controls/host combos report "Error" with Evidence containing "QPC-005".  Is there a way to tell Qualys to ignore these cases, and never report them, such that "POSTURE_MODIFIED_DATE" could only record transitions between:  Pass, Fail?  and the last status (either Pass or Fail) is used whenever Qualys randomly can't get the current status?  Is it necessary to convert the standard CIS policies to custom ones to do this?

Outcomes