Qualys Scanning Guide

Vulnerability Scanning Guidance

Written by Caitlin Fox

Within the S2Org assessment, there’s the option to ingest and process vulnerability scanning data from your network. The scan requirement can be disabled; however, you are highly encouraged to perform the scan to ensure the most accurate and complete S2Score.

Qualys Consultant / MSP Cloud Scanner

Qualys VM is a cloud-based vulnerability scanner, which can conduct external scans from its own hosted cloud servers and can also scan your internal network using a Virtual Scanner or Scanner appliance that is managed in the Cloud-based user interface (UI).

To start scanning for vulnerabilities, log into your Qualys control panel UI.

Upon logging in, you will arrive at the My Scans dashboard.

How scans are performed is a matter of preference and convenience.


Methods of Scanning

There are two common methods for scanning with Qualys Professional, both with several variations according to capabilities and preference.

External Scans

To conduct External Scans, there are no additional appliances or virtual scanners to install. You can simply start your Vulnerability Scans (skip to Step 6 below).

Internal Scans Using Local Virtual Scanner

Local onsite scanning consists of Qualys running on a Virtual Scanner that sits on the network being scanned, or on a subnet to which that network is logically connected.

As an alternative, you can also purchase and install a physical scanner appliance from Qualys and use it to manage internal scans from the Cloud UI. However, most security professionals use the downloadable OVA image. The following instructions show you how to create and download it; once the resulting Virtual Scanner is installed in your VM environment, it is linked back to your Qualys Cloud UI using a “Personalization Code.”

  1. Log in to Qualys

  2. Go to the Vulnerability Management module

  3. Click on the white Scans tab in the header

  4. Click on the blue Appliances tab below

  5. On the far left, click on the New dropdown and select Virtual Scanner Appliance

    A pop-up window will appear.

  6. Click the Start Wizard button under the Get Started option. A new pop-up window will appear

  7. Type in the name of your virtual scanner (typically your client name) into the Virtual Scanner Name text field box

  8. Click on the Choose a Virtualization Platform dropdown and make a selection (most common is the VMware ESXi, vCenter Server (standard))

  9. Click the Next button. This will create your OVA download image in your computer’s Downloads folder. Give this to your client to install in their VM environment.

  10. In the new pop-up window, scroll down and complete the instructions for the installation of the OVA

  11. Click the Next button

  12. After you have completed downloading your image, refresh your Appliances dashboard. You will now see a Personalization Code, which you should encrypt and send to your client. They will use this for the install on their side


Vulnerability Scans

First, determine how you will perform your vulnerability scan, whether on premise or remotely.

Set Up Host Assets (Target IP Addresses)

Qualys requires that you first configure Host Assets, which are your IP addresses or range of IP addresses. In the next section you will assign them to common names for client and vLAN identification purposes.

  1. Go to the Vulnerability Management module

  2. Click on the white Assets tab in the header

  3. Click on the blue Host Assets tab below

  4. On the far left, click on the New dropdown and select IP Tracked Hosts

    A pop-up window will appear.

  5. Click on the Host IPs tab

  6. Enter your IPs or range of IPs in the IPs text box

  7. Click the Add button

Set up Asset Groups (Named Logical Groups of Target IP Addresses)

  1. Go to the Vulnerability Management module

  2. Click on the white Assets tab in the header

  3. Click on the blue Asset Groups tab below

  4. On the far left, click on the New dropdown and select Asset Group. A pop-up will appear

  5. Click on the Asset Group Title tab

  6. Click on the Title text field and create a name for the Asset Group (e.g. Internal ServervLAN, or External DMZ)

  7. Click on the IPs tab

  8. In the text box, enter the IPs or range of IPs

  9. Click the Save button

Schedule Scans

Now you are ready to schedule your first scan.

  1. Go to the Vulnerability Management module

  2. Click on the white Scans tab in the header

  3. Click on the blue Scans tab below

  4. On the far left, click on the New dropdown and select Scan

    A pop-up will appear.

  5. Click on the Task Title tab

  6. Click on the Title text field and give your scan a name (e.g. January 2022 External Scan)

  7. Click on the Target Hosts tab

  8. Click on Asset Groups text field and enter the name of the Asset Group

  9. Click on the Scheduling tab

  10. Select the date/time of scan

  11. Click the Save button

Set up Report XML Template for S2Org

  1. Go to the Vulnerability Management module

  2. Click on the white Reports tab in the header

  3. Click on the blue Templates tab below

  4. On the far left, click on the New dropdown and select Scan Template

    A pop-up will appear.

  5. Click on the Report Title tab

  6. Click on the Title text field and give your report the title SecurityStudio XML Scan Reports

  7. Click on the Display tab

  8. Check that the CVSS dropdown is set to All

  9. Scroll down to the section Include the following detailed results in the report and check the box for Vulnerability Details

  10. Click the Save button

Generate XML Report for S2Org

  1. Go to the Vulnerability Management module

  2. Click on the white Reports tab in the header

  3. Click on the blue Reports tab below

  4. On the far left, click on the New dropdown and select Scan Report and then Template Based

    A pop-up will appear.

  5. Click on the Title text field and give your report a name

  6. Click on the Report Template field and select SecurityStudio XML Scan Reports

  7. Click on the Report Format field and select Extensible Markup Language (XML)

  8. Click the Next button

  9. Then select the scan you ran earlier
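As an added pre-upload check (example code written for this guide, not part of the original article or of Qualys or SecurityStudio tooling), the script below parses an exported XML report and flags findings that lack the CVSS scores and detailed results the template steps above are meant to include. The element names it looks for are an assumption about the Qualys template-based XML layout, and the sample report is constructed.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Element names are an assumption about the Qualys template-based XML report
# (not taken from the guide); adjust them if your export uses different tags.
HOST_TAG, VULN_TAG = "HOST", "VULN_INFO"
DETAIL_TAG = "RESULT"   # present when "Vulnerability Details" is checked
CVSS_PREFIX = "CVSS"    # CVSS_BASE / CVSS_FINAL / ... present when CVSS is "All"

@dataclass
class ReportCheck:
    hosts: int = 0
    vulns: int = 0
    vulns_without_cvss: int = 0
    vulns_without_details: int = 0

    def problems(self) -> list:
        # Reasons the report may not process fully in S2Org.
        out = []
        if self.hosts == 0:
            out.append("no hosts: wrong scan selected or empty asset group")
        if self.vulns_without_cvss:
            out.append(f"{self.vulns_without_cvss} finding(s) lack a CVSS score: "
                       "set the template's CVSS dropdown to All")
        if self.vulns_without_details:
            out.append(f"{self.vulns_without_details} finding(s) lack detailed results: "
                       "check Vulnerability Details in the template")
        return out

def check_report(xml_text: str) -> ReportCheck:
    """Walk every host and finding in the report and count what is missing."""
    rc = ReportCheck()
    for host in ET.fromstring(xml_text).iter(HOST_TAG):
        rc.hosts += 1
        for vuln in host.iter(VULN_TAG):
            rc.vulns += 1
            if not any(c.tag.startswith(CVSS_PREFIX) and (c.text or "").strip()
                       for c in vuln):
                rc.vulns_without_cvss += 1
            if vuln.find(DETAIL_TAG) is None:
                rc.vulns_without_details += 1
    return rc

# Constructed sample (not a real export): two hosts and three findings, one of
# which lacks a CVSS score and one of which lacks a detailed result.
SAMPLE_REPORT = """<ASSET_DATA_REPORT><HOST_LIST><HOST><IP>10.0.0.5</IP><VULN_INFO_LIST>
<VULN_INFO><QID>90001</QID><CVSS_FINAL>7.5</CVSS_FINAL><RESULT>banner</RESULT></VULN_INFO>
<VULN_INFO><QID>90002</QID><CVSS_FINAL>4.3</CVSS_FINAL></VULN_INFO></VULN_INFO_LIST></HOST>
<HOST><IP>10.0.0.7</IP><VULN_INFO_LIST><VULN_INFO><QID>90003</QID><RESULT>detail</RESULT>
</VULN_INFO></VULN_INFO_LIST></HOST></HOST_LIST></ASSET_DATA_REPORT>"""
```

Run `check_report` on the downloaded XML file's contents before uploading; an empty `problems()` list means the report carries the CVSS scores and details S2Org expects.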


Upload to S2Org

Uploading vulnerability scans is simple with SecurityStudio. First, login to SecurityStudio and find the organization’s assessment corresponding to your vulnerability scan.

  1. Navigate to S2Org > Assessment > Current

  2. Click the Assessment tab and scroll down to Phase 3 - Internal Technical Controls

  3. Click the Internal Scan Data button

  4. Click the Add button

  5. Locate the file(s) exported from your Qualys vulnerability scan and click the Open button. The file(s) will upload, and a % complete indicator will display

  6. Once the file(s) upload is complete, the status will change to Processing

  7. Once the scan has completed processing in SecurityStudio, the status will change to Processed and you can review the results

  8. Click Mark As Complete and the results of SecurityStudio’s processing will be displayed

  9. Click the Close button

  10. Repeat for Phase 4 - External Technical Controls

PLEASE NOTE: If you need to edit the scan file processing, you can do so by clicking the Edit button. This will enable you to add more scan files, download the existing scan file, or delete the scan file altogether (if the wrong scan file was used or the scan needs to be replaced for some reason).
