Within the S2Org assessment, there’s the option to ingest and process vulnerability scanning data from your client's network. The scan requirement can be disabled; however, you are highly encouraged to perform the scan to ensure the most accurate and complete S2Score for your client.
Index
Qualys Consultant /MSP Cloud Scanner
Qualys VM is a cloud-based vulnerability scanner, which can conduct external scans from its own hosted cloud servers and can also scan your internal network using a Virtual Scanner or Scanner appliance that is managed in the Cloud-based user interface (UI).
To start scanning for vulnerabilities you should log into your control panel UI:
Upon logging in, you will arrive at the My Scans dashboard.
How scans are performed is a matter of preference and convenience.
Methods of Scanning
There are two common methods for scanning with Qualys Professional, both with several variations according to capabilities and preference.
External Scans
To conduct External Scans, there is no additional appliances or virtual scanners that you will need to install. You can simply start your Vulnerability Scans (skip to Step 6 below).
Internal Scans Using Local Virtual Scanner
Local onsite scanning consists of Qualys running on a Virtual Scanner that is local, on the network being scanned, or on a subnet that it is logically connected.
As an alternative, you can also purchase and install a physical scanner appliance from Qualys and use that to manage internal scans from the Cloud UI. However, most security professionals use the downloadable OVA image that the following instructions show you how to create and download, and the Virtual Server, that once installed in your VM Environment, is linked back to your Qualys Cloud UI using a “Personalization Code.”
Log in to Qualys
Go to the Vulnerability Management module
Click on the white Scans tab in the header
Click on the blue Appliances tab below
On the far left, click on the New dropdown and select Virtual Scanner Appliance
A pop-up window will appear.
Click the Start Wizard button under the Get Started option. A new pop-up window will appear
Type in the name of your virtual scanner (typically your client name) into the Virtual Scanner Name text field box
Click on the Choose a Virtualization Platform dropdown and make a selection (most common is the VMware ESXi, vCenter Server (standard))
Click Next button. This will create your OVA download image in your computer’s Downloads folder. Give this to your client to install in their VM environment.
In the new pop-up window, scroll down and complete the instructions for the installation of the OVA
Click Next button
After you have completed downloading your image, refresh you Appliances dashboard. You will now see a Personalization Code, which you should encrypt and send to your client. They will use this for the install on their side
Vulnerability Scans
First, determine how you will perform your vulnerability scan, whether on premise or remotely.
Set Up Host Assets (Target IP Addresses)
Qualys requires that you first configure Host Assets, which are your IP addresses or range of IP addresses. In the next section you will assign them to common names for client and vLAN identification purposes.
Go to the Vulnerability Management module
Click on the white Assets tab in the header
Click on the blue Host Assets tab below
On the far left, click on the New dropdown and select IP Tracked Hosts
A pop-up window will appear.
Click on the Host IPs tab
Enter your IPs or range of IPs in the IPs text box
Click the Add button
Set up Asset Groups (Named Logical Groups of Target IP Addresses)
Go to the Vulnerability Management module
Click on the white Assets tab in the header
Click on the blue Asset Groups tab below In the new
On the far left, click on the New dropdown and select Asset Group. A pop-up will appear
Click on the Asset Group Title tab
Click on the Title text field and create a name for the Asset Group (e.g. Internal ServervLAN, or External DMZ)
Click on the IPs tab
In the text box, enter the IPs or range of IPs
Click the Save button
Schedule Scans
Now you are ready to schedule your first scan.
Go to the Vulnerability Management module
Click on the white Scans tab in the header
Click on the blue Scans tab below
On the far left, click on the New dropdown and select Scan
A pop-up will appear.
Click on the Task Title tab
Click on the Title text field and give your scan a name (e.g. January 2022 External Scan)
Click on the Target Hosts tab
Click on Asset Groups text field and enter the name of the Asset Group
Click on the Scheduling tab
Select the date/time of scan
Click the Save button
Set up Report XML Template for S2Org
Go to the Vulnerability Management module
Click on the white Reports tab in the header
Click on the blue Templates tab below
On the far left, click on the New dropdown and select Scan Template
A pop-up will appear.
Click on the Report Title tab
Click on the Title text field and give your report the title SecurityStudio XML Scan Reports
Click on the Display tab
Check the CVSS dropdown is selected for All
Scroll down to the section Include the following detailed results in the report and check the box for Vulnerability Details
Click the Save button
Generate XML Report for S2Org
Go to the Vulnerability Management module
Click on the white Reports tab in the header
Click on the blue Reports tab below
On the far left, click on the New dropdown and select Scan Report and then Template Based
A pop-up will appear.
Click on the Title text field and give your report a name
Click on the Report Template field and select SecurityStudio XML Scan Reports
Click on the Report Format and select Extensible Markup Language (XML)
Click the Next button
The select the scan you ran earlier
Upload to S2Org
Uploading vulnerability scans is simple with SecurityStudio. First, login to SecurityStudio and find the organization’s assessment corresponding to your vulnerability scan.
Navigate to S2Org > Assessment > Current
Click the Assessment tab and scroll down to Phase 3 - Internal Technical Controls
Click the Internal Scan Data button
Click Add button
Locate the file(s) exported from your Qualys vulnerability scan and click Open button. The file(s) will upload, and a % complete indicator will display
Once the file(s) upload is complete, the status will change to Processing
Once the scan has completed processing in SecurityStudio, the status will change to Processed and you can review the results
Click Mark As Complete and the results of SecurityStudio’s processing will be displayed
Click Close button
Repeat for Phase 4 - External Technical Controls
PLEASE NOTE: If you need to edit the scan file processing, you can do so by clicking the Edit button. This will enable you to add more scan files, download the existing scan file, or delete the scan file altogether (if the wrong scan file was used or the scan needs to be replaced for some reason.