Qualys Consultant is used for engagement-based services such as, but not limited to, vulnerability and security program assessments.
Qualys Consultant can be used by IT and Security auditors, individual consultants and consulting firms that provide 3rd party assessments.
Per the Qualys Consultant Service User Agreement, Qualys Consultant subscriptions cannot be used for scanning the network or any associated network of the company that purchased the subscription.
Qualys Consultant Professional Unlimited is to be used for ad-hoc or professional services engagements – not managed or continuous services. Consultant companies should resell Qualys to provide continuous managed services to their customers.
If Consultant customers want to provide a portal to their clients for requesting a specific type of scan (Vulnerability, Web Application, Policy Compliance, etc.) they must purchase Qualys Consultant Professional (QCP) Pay per Scan package(s) alongside the API. QCP Unlimited is restricted to engagement-based scanning.
No clients of the Qualys Consultant customer should be provided direct or indirect access to the consultant’s Qualys Cloud Platform instance or have any type of user account. The Qualys API should not be used to create a custom portal for clients to have access to features.
Consultant customers are direct customers of Qualys, who is an approved ASV vendor, but the clients of the Qualys Consultant customer are not; therefore, consultants are not permitted to submit external scans for Qualys PCI ASV validation on behalf of their clients.
Qualys Consultant provides you the ability to scan any host with a local virtual scanner that you can deploy on your own laptop. Qualys Consultant Professional provides you the ability to use our Qualys Cloud Platform to scan external hosts and also scan internal networks by deploying virtual or physical scanners to any customer without having the limitations of your own laptop.