Best Practices - Authentication

Here are some best practices and tips for successful authenticated scanning using Qualys.

Dedicated user account recommended

We strongly recommend you create one or more dedicated user accounts to be used solely by the Qualys Cloud Platform to authenticate to your target hosts.

Requirements for some technologies

For some technologies, you'll need to make sure target hosts are properly configured for authenticated scans. You'll see these requirements, and/or a link to a document with setup instructions, for the various record types and APIs.

Requesting record lists

A maximum of 1,000 authentication records can be processed per request. If the requested list identifies more than 1,000 authentication records, then the XML output includes the <WARNING> element and instructions for making another request for the next batch of records.
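The batching described above can be followed by a client loop like this one, an added example that is not Qualys code. The child elements of <WARNING> (TEXT, URL), the AUTH_RECORD/ID layout, the example.test URLs and the fetch callback are assumptions, and the responses are constructed samples.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

START = "https://api.example.test/auth/?action=list"  # placeholder URL

# Constructed sample responses. The layout (AUTH_RECORD/ID, WARNING/TEXT,
# WARNING/URL) is assumed for illustration; check the API's own DTD.
SAMPLE_PAGES = {
    START: """<RESPONSE>
      <AUTH_RECORD><ID>101</ID></AUTH_RECORD>
      <AUTH_RECORD><ID>102</ID></AUTH_RECORD>
      <WARNING>
        <TEXT>Record limit exceeded. Use URL for the next batch.</TEXT>
        <URL>https://api.example.test/auth/?action=list&amp;id_min=103</URL>
      </WARNING>
    </RESPONSE>""",
    START + "&id_min=103": """<RESPONSE>
      <AUTH_RECORD><ID>103</ID></AUTH_RECORD>
    </RESPONSE>""",
}


def fetch_sample(url):
    """Stand-in for an authenticated HTTPS GET; returns the XML body."""
    return SAMPLE_PAGES[url]


def list_all_record_ids(start_url, fetch, max_requests=50):
    """Collect record IDs across batches by following <WARNING><URL>."""
    origin = tuple(urlsplit(start_url)[:2])  # (scheme, host) we trust
    ids, seen, url = [], set(), start_url
    for _ in range(max_requests):
        if url in seen:
            raise RuntimeError("next-batch URL repeated: " + url)
        seen.add(url)
        root = ET.fromstring(fetch(url))
        ids += [e.text.strip() for e in root.findall(".//AUTH_RECORD/ID") if e.text]
        next_url = (root.findtext(".//WARNING/URL") or "").strip()
        if not next_url:
            return ids  # no warning: this was the last batch
        # Credentials go with every request, so never follow a URL that
        # leaves the scheme and host of the original request.
        if tuple(urlsplit(next_url)[:2]) != origin:
            raise ValueError("next-batch URL leaves the API origin: " + next_url)
        url = next_url
    raise RuntimeError("gave up after %d requests" % max_requests)


if __name__ == "__main__":
    print(list_all_record_ids(START, fetch_sample))
```

The origin check and the request cap keep a malformed or tampered response from redirecting API credentials to another host or looping indefinitely.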

Vault Support

You have the option to define third-party vaults for retrieval of passwords and other security data, depending on the vault, at scan time. We frequently update our list of supported vaults.

Looking for a listing of supported vaults and retrieval capabilities? Simply review our latest Vault Support Matrix.