Cloud Platform
Contact us
Asset Management
Vulnerability & Configuration Management
Risk Remediation
Threat Detection & Response
  • Overview
  • Platform Apps

  • Qualys Endpoint Security

    Advanced endpoint threat protection, improved threat context, and alert prioritization

  • Context XDR

    Extend detection and response beyond the endpoint to the enterprise

Cloud Security

Qualys Custom Assessment and Remediation

Empower security teams with custom automated workflows for enterprise security & compliance


With Qualys Custom Assessment and Remediation (CAR), we can quickly create reusable custom detections and remediations, including deploying custom configurations and applications. Since CAR is natively integrated into our Qualys Platform, we can leverage our existing security processes for vulnerability management and secure configuration rather than build ad-hoc processes when faced with urgent threats.

Gonz Gonzales Chief Information Security Officer
at JG Summit Holdings, Inc.


Assess Risk of First-Party Applications

Create custom QIDs and custom checks to detect risks associated with First-Party, homegrown applications. Use scripting languages like Python, PowerShell, and many others with customer-defined logic to enrich Qualys out-of-the-box signature library for nearly any zero-day threat, risk scenario, and first-party application. Results are fully integrated with VMDR and TruRisk.

Identify and eliminate risk from open-source vulnerabilities

Create an inventory of open-source components in your production environment to understand exactly which production assets are at risk to the next open source zero-day vulnerability. With more than 15K new open-source vulnerabilities added to VMDR, prioritize and remediate risk associated with open source components with the same workflow and reporting as used for third-party software.

Make it simple

Simplify custom assessment and remediation scripts creation with a centralized repository of scripts, created and maintained by the Qualys research team. The Qualys Script Library contains use case-based scripts written in PowerShell, Shell, Python, Lua, or Perl, and covers a wide range of dynamic categories.

Expand the Enterprise TruRisk Platform with your own logic

Execute custom scripts and controls anywhere a Qualys Cloud Agent exists. Leverage a library of reusable scripts and security controls using the preferred scripting language for the task. Scripts are trackable within your existing Qualys vulnerability and compliance reports with the assignment of custom Qualys IDs (QIDs) and Control IDs (CIDs).

Qualys Detect and remediate vulnerabilities on your first-party applications | Qualys

Detect and remediate vulnerabilities on your first-party applications

Every organization faces unique risks to their environment, especially when it comes to first-party (also known as homegrown or custom) applications. Ditch the point solutions with Qualys Custom Assessment and Remediation, which allowing organizations to bring their own logic to identify and remediate unique risks. Organizations can consolidate at risk detection, prioritization, and remediation for first-party and third-party applications into one console with ease.

  • Build custom detection logic using a wide range of popular scripting languages including PowerShell, Python, Lua, Perl, and Shell

  • Build custom remediation logic to any risk detected in your environment including first party, home grown applications

  • Leverage Qualys library for pre-defined detection and remediation scripts and templates

  • Enrich the Qualys out-of-the-box signature library with custom-defined logic for nearly any zero-day threat, risk scenario, and home-grown application

  • Fully integrated with VMDR Knowledge Base, reporting and dashboards

  • Fully integrated with Policy Compliance (PC)

Qualys Detect and remediate vulnerabilities on your first-party applications | Qualys
Qualys Custom Assessment and Remediation: Scripts tab screenshot | Qualys

Measure, communicate, and eliminate risk from open-source components

Create a comprehensive inventory of open-source components mapped to production assets to:

  • Add a controlled, deep scan of the entire file system to find all open-source libraries

  • Create an inventory of all identified open-source libraries and versions

  • Scan all open source detected libraries against 15K+ open source related new vulnerabilities

  • Review and prioritize the results withing the familiar VMDR workflows

  • Create remediation logic and remediate open-source risk from within the same workflows

Qualys Custom Assessment and Remediation: Scripts tab screenshot | Qualys
Qualys Policy Compliance: Posture tab screenshot | Qualys

De-risk your unique environment at scale

Run your own logic anywhere the Qualys Cloud Agent is installed. Create a new script or customize a pre-defined one from the Qualys library and run the script on any device that has the Qualys Cloud Agent running.

  • Establish a central library of reusable scripts and pre-built script templates

  • Jumpstart script creation with Qualys pre-defined scripts and templates covering a wide range of dynamic categories

  • Simplify enterprise deployment and use with centralized management and distributed execution of scripts and controls wherever a Qualys Cloud Agent resides

  • Choose from a wide range of popular scripting languages including PowerShell, Python, Lua, Perl, and Shell. No custom scripting language or packaging methods required!

  • Integration with enterprise script repositories such as GitHub for use with existing script management tools

  • Support for testing and approval workflows to ensure safe deployment of scripts where needed

Qualys Policy Compliance: Posture tab screenshot | Qualys

Powered by Enterprise TruRisk Platform

Single-pane-of-glass UI

See the results in one place, in seconds. With AssetView, security and compliance pros and managers get a complete and continuously updated view of all IT assets — from a single dashboard interface. Its fully customizable and lets you see the big picture, drill down into details, and generate reports for teammates and auditors. Its intuitive and easy-to-build dynamic dashboards to aggregate and correlate all of your IT security and compliance data in one place from all the various Qualys Cloud Apps. With its powerful elastic search clusters, you can now search for any asset – on-premises, endpoints and all clouds – with 2-second visibility.

Centralized & customized

Centralize discovery of host assets for multiple types of assessments. Organize host asset groups to match the structure of your business. Keep security data private with our end-to-end encryption and strong access controls. You can centrally manage users’ access to their Qualys accounts through your enterprise’s single sign-on (SSO). Qualys supports SAML 2.0-based identity service providers.

Easy deployment

Deploy from a public or private cloud — fully managed by Qualys. With Qualys, there are no servers to provision, software to install, or databases to maintain. You always have the latest Qualys features available through your browser, without setting up special client software or VPN connections.

Scalable and extensible

Scale up globally, on demand. Integrate with other systems via extensible XML-based APIs. You can use Qualys with a broad range of security and compliance systems, such as GRC, ticketing systems, SIEM, ERM, and IDS.

See for yourself. Try Qualys for free.

Start your free trial today. No software to download or install. Email us or call us at 1 (800) 745-4355.