Cloud Platform
Contact us

Qualys Custom Assessment and Remediation

Empower security teams with custom automated workflows for enterprise security & compliance


With Qualys Custom Assessment and Remediation (CAR), we can quickly create reusable custom detections and remediations, including deploying custom configurations and applications. Since CAR is natively integrated into our Qualys Platform, we can leverage our existing security processes for vulnerability management and secure configuration rather than build ad-hoc processes when faced with urgent threats.

Gonz Gonzales Chief Information Security Officer at JG Summit Holdings, Inc.


Quickly create custom scripts and controls

Qualys Custom Assessment and Remediation allows security practitioners to quickly create and execute custom scripts and controls. Scripts are centrally managed and executed anywhere a Qualys Cloud Agent exists. The service creates a library of reusable scripts and security controls using the preferred scripting language for the task. Scripts are trackable within your existing Qualys vulnerability and compliance reports with the assignment of custom Qualys IDs (QIDs) and Control IDs (CIDs).

Execute custom assessments across the enterprise

With Qualys Custom Assessment and Remediation, it’s easy for security practitioners to create custom assessments via Qualys Cloud Platform’s asset inventory capabilities and historical security posture data across thousands of your network’s machines and devices - including custom applications. Custom scripts and controls allow teams to easily collect, evaluate, and validate security data across your network, clouds, and applications.

Immediately take action anywhere the Qualys Cloud Agent is present

The service lets you immediately take action anywhere the Qualys Cloud Agent is present. Custom scripts and controls let you directly remediate the security posture of any system or application, apply mitigations such as change configurations, close ports, delete files, shut down processes, and uninstall unwanted software anywhere across your environment.

Leverage the entire suite of Qualys Cloud Platform services

Qualys Custom Assessment and Remediation leverages the entire suite of Qualys Cloud Platform services and solutions. The service provides teams with unmatched insight and the ability to react in real time to urgent vulnerabilities and threats.

Automate workflows with custom scripting and controls

Legacy manual approaches to security are falling behind the continuous onslaught of modern threats. Automation is the best way to meet these threats. Qualys Custom Assessment and Remediation lets you automate tactical security workflows with custom scripts and controls that are seamlessly integrated with your existing vulnerability programs, security processes, and analytics.

  • Custom scripting and user-defined controls are integrated with all Qualys Cloud Platform services

  • Scripts and controls automate detection, tracking, and response to new zero-day vulnerabilities and immediate threats

  • Simplifies enterprise deployment and use with centralized management and distributed execution of scripts and controls wherever a Qualys Cloud Agent resides

  • Establishes a central library of reusable scripts and pre-built script templates

  • Choose from a wide range of popular scripting languages including PowerShell, Python, Lua, Perl, and Shell. No custom scripting language or packaging methods required!

  • Planned integration with enterprise script repositories such as GitHub for use with existing script management tools

Customize assessments of any asset in your enterprise

Rarely do generic security best practices and controls fit unique enterprise requirements out of the box. Security teams need flexibility to add and customize controls and processes for specific organizational needs. Qualys Custom Assessment and Remediation lets you avoid the overhead and complexity typically associated with customizing enterprise security assessments, detection, and response.

  • Quickly create and execute custom scripts and controls

  • A central library of reusable scripts and security controls accelerates action and avoids inventing new out-of-band processes and custom scripts

  • Trackable within your existing Qualys vulnerability and compliance reporting with the assignment of custom QIDs and CIDs

Take instant action against threats wherever the Qualys Cloud Agent resides

The number one security concern of any enterprise is the ability to immediately respond to urgent threats. Response and mitigation time is often hampered as security teams don’t have direct access to ITSM tools. Silos impede an organization’s ability to respond to risks and extend time to remediate. Qualys Custom Assessment and Remediation accelerates mean-time-to-remediation (MTTR) with instant response to keep your enterprise secure.

  • Automates otherwise manual processes such as collecting data, evaluating data, gathering and synthesizing relevant third-party threat intelligence feeds, updating configurations, shutting down vulnerable ports, and activating endpoint tools

  • Puts vulnerabilities in context of your entire IT, cloud, and application estates to focus action on material threats

  • Automates mitigation in custom in-house applications, including apps with open-source code

  • Consistent rollout of mitigations and fixes across hundreds or thousands of applications and endpoints

Automate custom workflows for all services in Qualys Cloud Platform

Qualys Custom Assessment and Remediation is enterprise-ready, providing native integration and orchestration across all Qualys Cloud Platform services.

  • Scripts activate and access the complete range of platform services such as Patch Management; Vulnerability Management, Detection and Response; Policy Compliance; CyberSecurity Assess Management; Multi-Vector EDR; and Context XDR

  • Built-in Script Testing Sandbox enables controlled evaluation of script and control functionalities before deployment and use

  • Provides role-based access with built-in script approval workflows to ensure only the right people have access and authority to execute the scripts

Powered by Qualys Cloud Platform

Single-pane-of-glass UI

See the results in one place, in seconds. With AssetView, security and compliance pros and managers get a complete and continuously updated view of all IT assets — from a single dashboard interface. Its fully customizable and lets you see the big picture, drill down into details, and generate reports for teammates and auditors. Its intuitive and easy-to-build dynamic dashboards to aggregate and correlate all of your IT security and compliance data in one place from all the various Qualys Cloud Apps. With its powerful elastic search clusters, you can now search for any asset – on-premises, endpoints and all clouds – with 2-second visibility.

Centralized & customized

Centralize discovery of host assets for multiple types of assessments. Organize host asset groups to match the structure of your business. Keep security data private with our end-to-end encryption and strong access controls. You can centrally manage users’ access to their Qualys accounts through your enterprise’s single sign-on (SSO). Qualys supports SAML 2.0-based identity service providers.

Easy deployment

Deploy from a public or private cloud — fully managed by Qualys. With Qualys, there are no servers to provision, software to install, or databases to maintain. You always have the latest Qualys features available through your browser, without setting up special client software or VPN connections.

Scalable and extensible

Scale up globally, on demand. Integrate with other systems via extensible XML-based APIs. You can use Qualys with a broad range of security and compliance systems, such as GRC, ticketing systems, SIEM, ERM, and IDS.

See for yourself. Try Qualys for free.

Start your free trial today. No software to download or install. Email us or call us at 1 (800) 745-4355.