Scan for Vulnerabilities

Vulnerability scanning allows you to continuously detect software vulnerabilities across your network. Quickly scan for known vulnerabilities on your assets and get recommended fixes.

New to scanning?

You'll want to think about what you want to scan and how you want to do it. We suggest you review the content in Scanning - The Basics for recommended first steps, common terms, and things to think about before you get started. 

It's common for organizations to use a mix of scanner appliances and cloud agents to meet their vulnerability assessment needs.

 

Get Started

Jump to a section below for steps to get started when you're scanning using a cloud agent or using a scanner:

Using a Cloud Agent 

Using a Scanner

 


Using a Cloud Agent

Qualys Cloud Agents provide fully authenticated on-asset scanning. There are only a few steps to install agents on your hosts, and then you'll get continuous security updates through the cloud. 


Step 1: Create Activation Keys & Install Cloud Agents

You need an activation key to install cloud agents. The activation key provides a way to group agents and bind them to your account. During key creation, you can provision the key for Vulnerability Management (and other modules) to automatically activate new agents for vulnerability scanning. After you generate the key, you'll see a list of installers for supported operating systems. Download the agent installer and follow the on-screen instructions to run it on your host and install the agent.


Step 2: Configure Cloud Agent Settings

Agents have a default configuration that controls how they behave. You can change the agent configuration by creating configuration profiles. A configuration profile includes agent configuration settings, such as blackout windows, scan intervals, performance tuning, agent scan merge, and much more.


Using a Scanner

Use local scanner appliances to scan your internal network. There are some steps you'll need to complete to get ready for scanning. When you're done with these steps, proceed to start your scan, then check the scan status, and finally view the scan results.


Step 1: Install Scanner Appliances

You can add multiple appliances to suit your scanning needs, including a mix of physical, virtual, and offline scanner appliances.


Step 2: Identify Hosts to Scan

To fix vulnerabilities, you must first understand what assets (servers, desktops, devices, etc.) you have in your network. Once you know what you have, add them to your account by IP address (under Assets > Host Assets) so you can scan them. Not sure what you have? Run maps to discover your assets and use workflows in map results to add discovered assets to your account.


Step 3: Configure and Enable Authentication

For vulnerability scanning, authentication is not required but it is recommended. Using authentication allows our service to log in to each target system during scanning to perform an in-depth security assessment and get better visibility into each system's security posture.


Step 4: Set Up Search Lists

You can skip this step if you plan to run Complete scans where we check for all vulnerabilities applicable to each target host. There may be times, however, when you want to limit scans to a smaller set of vulnerabilities. To do this, you'll need to set up search lists, and then add those search lists to your scan option profile. 


Step 5: Customize Scan Settings in Option Profiles

An option profile includes the scan settings that you'll apply to a scan job, such as whether to run a complete or custom scan, whether to use authentication, which ports to scan, and much more. 


Start Your Scan

(Applicable when using a scanner.) Now that you have everything set up (assets, scanners, option profiles, authentication records, etc.), you're ready to scan. There are different types of vulnerability scans you can run depending on the scan target.

Go to VM/VMDR > Scans > Scans > New menu to see the types of vulnerability scans available in your subscription. You can also schedule scans if you want scans to run on a recurring basis or at a later time.

Note - Some of the scan types listed below may not be enabled for your subscription. 

Vulnerability Scan - Launch a vulnerability scan on your host assets to identify vulnerabilities and understand your security risk. 

EC2 Scan - Scan internal EC2 instances using a virtual scanner appliance.

Cloud Perimeter Scan - Scan the public DNS or IP of your EC2 or Azure instances using Qualys External scanners. 

CertView Scan - Scan hosts that are part of your CertView license. 

Cloud CertView Scan - Scan EC2 hosts that are activated for CertView Scanning.

OT Device Scan - Scan the OT assets in your subscription.

Scan Schedules - Schedule your scans to run on a recurring basis or at a later time. 

 


Check Scan Status

(Applicable when using a scanner.) You can return to the Scans list any time to check on the scan status. You'll see status icons next to each scan in the list to indicate if the scan is Running, Finished, Paused, etc. Select any scan row and view the Preview pane below the list for more scan summary details. 

Learn more about scan status >>


View Scan Results

(Applicable when using a scanner.) When your scan is Finished, go to the Scans list and select View from the Quick Actions menu to see the detailed results. Download scan results by selecting Download from the Quick Actions menu.

Learn more about scan results >> 


Additional References

See these additional links to learn more about scanning.

Scanning - The Basics - Get help with scan targets, best practices, scan options, and common terms.

Manage Your Scans - Learn how to check your scan's progress, view and download scan results, cancel scans, plus much more.

Download the Scans List - You can download any data list within the UI in order to view your configurations outside of the product.

Do you have AGMS?

Please see the AGMS Help to understand changes you'll see when Asset Group Management Service (AGMS) is enabled for your subscription.

Scan Troubleshooting and Best Practices

Check these additional links to learn about scan troubleshooting & scanning best practices.

Watch Videos

Explore the following video series to learn more:

VMDR | VM | AWS EC2 | More Qualys Training Videos