Qualys generates detailed, easy-to-comprehend customizable reports which may be exported to HTML, MHT, PDF, CSV, and XML formats. The following types of reports can be generated:
There are multiple pre-defined scan reports that simplify report generation and provide immediate access to your most critical vulnerability information. These reports are available to you at any time:
Each vulnerability and possible threat is assigned a severity level. The following table describes the five (5) severity levels for vulnerabilities and potential vulnerabilities.
|Severity|Description|
|---|---|
|Minimal|Intruders can collect information about the host (open ports, services, etc.) and may be able to use this information to find other vulnerabilities.|
|Medium|Intruders may be able to collect sensitive information from the host, such as the precise version of software installed. With this information, intruders can easily exploit known vulnerabilities specific to software versions.|
|Serious|Intruders may be able to gain access to specific information stored on the host, including security settings. This could result in potential misuse of the host by intruders. For example, vulnerabilities at this level may include partial disclosure of file contents, access to certain files on the host, directory browsing, disclosure of filtering rules and security mechanisms, denial of service attacks, and unauthorized use of services, such as mail-relaying.|
|Critical|Intruders can possibly gain control of the host, or there may be potential leakage of highly sensitive information. For example, vulnerabilities at this level may include full read access to files, potential backdoors, or a listing of all the users on the host.|
|Urgent|Intruders can easily gain control of the host, which can lead to the compromise of your entire network security. For example, vulnerabilities at this level may include full read and write access to files, remote execution of commands, and the presence of backdoors.|
Figure 2 – Definition of Vulnerability Severity Levels
Qualys’ distributed management capabilities enable enterprises to delegate vulnerability management tasks to many users within an enterprise, assigning a role with associated privileges to each user, while maintaining centralized control. Another benefit is the centralized reporting capabilities against the distributed scans performed. This functionality simplifies network security audits, facilitates policy compliance, and provides management with up-to-date reports of network security.
Yes. Users of the Qualys interface can choose to be notified via email each time an audit completes. These notifications provide valuable information about the scan or map, including a results summary and a secure link to the saved report. Upon creating user accounts within Qualys, the Manager who creates the account can choose, on a user-by-user basis, who receives email notifications based on specific criteria. These options can be changed at any time.
Subscriber information is stored on Qualys’ dedicated database servers, which are protected from compromise by a defense-in-depth security architecture consisting of dedicated firewall and intrusion detection systems as well as a comprehensive set of encryption technologies. In addition, the servers are located in the center of multiple security rings on a private network that utilizes non-routable addresses. Information pulled from our databases by the subscriber is delivered via a secured 128-bit SSL connection. All subscriber data and reports are strongly encrypted in storage using a 128-bit AES encryption key that is unique to each customer. The customer key is not stored and is not accessible to Qualys or any of our employees.
For each vulnerability detected, Qualys reports detailed information, including:
Qualys reports can be customized so the user only views and/or prints the vulnerability assessment data that is of interest to them.
The Qualys solution has an embedded end-to-end remediation workflow function which can be used to assign remediation tickets and track closure status on a per host/vulnerability basis. Additionally, Qualys can be integrated with existing remediation workflow processes and technologies to provide remediation assistance.
Ticket creation and ticket state/status adjustments occur automatically, triggered by security assessment results. Tickets that have been resolved are immediately verified by Qualys upon the next vulnerability scan and closed if successfully fixed. Also, Managers can choose to permit manual ticket closure for vulnerabilities which represent acceptable business risk.
Remediation reports can be run anytime by any user with privilege to obtain the latest vulnerability status information and remediation progress.
A remediation policy determines the criteria required for a remediation ticket to be created. A remediation policy can be set up so that tickets are automatically created when vulnerabilities of a certain criticality are found on certain hosts. The remediation policy also determines to whom remediation tickets are assigned as well as the expected ticket resolution date.
The remediation workflow consists of a series of remediation policies. Policies are evaluated top-down (first to last), so there can be several remediation policies for each host and/or each vulnerability. The first remediation policy in the workflow that matches is processed and the rest are ignored, much like a firewall rule base.
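The first-match behaviour described above means policy order decides who gets a ticket and when it is due. The following is an added example, not Qualys code: the `Policy` model, the network ranges, team names and deadlines are all constructed for illustration. It evaluates a rule base top-down and flags policies that an earlier, broader policy makes unreachable.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from ipaddress import ip_address, ip_network

# Severity names in the order the page's table lists them, lowest first.
SEVERITIES = ["Minimal", "Medium", "Serious", "Critical", "Urgent"]

@dataclass(frozen=True)
class Policy:  # hypothetical model for illustration, not a Qualys API object
    name: str
    networks: tuple      # CIDR blocks the policy applies to
    min_severity: str    # lowest severity that triggers a ticket
    assignee: str
    days_to_fix: int     # expected resolution, in days after detection

    def matches(self, host, severity):
        sev_ok = SEVERITIES.index(severity) >= SEVERITIES.index(self.min_severity)
        return sev_ok and any(ip_address(host) in ip_network(n) for n in self.networks)

def open_ticket(policies, host, severity, found_on):
    """Evaluate top-down; the first matching policy wins and the rest are ignored."""
    for p in policies:
        if p.matches(host, severity):
            return {"host": host, "policy": p.name, "assignee": p.assignee,
                    "due": found_on + timedelta(days=p.days_to_fix)}
    return None  # no policy matched: no ticket is created

def shadowed(policies):
    """Policies that can never fire because one earlier policy covers them entirely.
    Conservative: coverage by a combination of earlier policies is not detected."""
    dead = []
    for i, p in enumerate(policies):
        for q in policies[:i]:
            sev_covered = SEVERITIES.index(q.min_severity) <= SEVERITIES.index(p.min_severity)
            net_covered = all(any(ip_network(n).subnet_of(ip_network(m)) for m in q.networks)
                              for n in p.networks)
            if sev_covered and net_covered:
                dead.append((p.name, q.name))
                break
    return dead

# Constructed sample rule base: the third policy is placed too late to take effect.
POLICIES = [
    Policy("dmz-critical", ("10.0.1.0/24",), "Critical", "dmz-team", 7),
    Policy("all-serious", ("10.0.0.0/16",), "Serious", "it-ops", 30),
    Policy("db-critical", ("10.0.5.0/24",), "Critical", "dba-team", 3),
]

if __name__ == "__main__":
    print(open_ticket(POLICIES, "10.0.5.9", "Critical", date(2024, 1, 1)))
    print(shadowed(POLICIES))
```

In the sample, a Critical finding on the database subnet is ticketed to `it-ops` with a 30-day deadline instead of `dba-team` with 3 days, because the broader policy sits above the specific one.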
The Qualys QIDs in the Vulnerability Knowledgebase can be searched and sorted so that ones appropriate to the compliance control can be identified.
Qualys offers a rich set of APIs (user manuals available at https://community.qualys.com/community/developer) that allow information in XML format to be pushed into Qualys or pulled from the service so that integrated solutions can be created. Sample Perl scripts have been created for customers that want to jump start an integration effort. These can be downloaded through the Qualys web interface.
Qualys Solution / Technology Partners describes integrations with over 30 best-of-breed security applications that include IDS, SIM or SEM solutions, penetration testing applications, and other software products.