Enter a title for easy identification.
We'll list users who can be the owner of this template. Don't see a particular user? The user may not be a valid owner because of their role or business unit. Click the Launch Help link to learn more about owners.
Share this report template with other users by making it global.
Are you a Manager? This template will be available to all users.
Are you a Unit Manager? This template will be available to all users in your business unit.
Select this option to report on the latest vulnerability data from all of your scans. Each time you create a report, we'll automatically collect vulnerability data that we've indexed per host in your account.
Select this option to run a report based on saved scan results. Each time you create a report with this setting, you must manually select saved scan results to include in the report.
You can compare the last two detections for each vulnerability or choose a timeframe (daily, weekly or monthly) and we'll analyze the vulnerability status for the timeframe selected.
Select this option to ensure that only vulnerability information gathered in the timeframe that you've specified is included in the report. If you do not select this option, vulnerability information for hosts that were last scanned prior to the report timeframe may be included.
Select a combination of asset groups and IPs/ranges. When you enter asset groups, we'll report on all the IPs in the asset groups.
(Used to report on assets you've scanned by DNS hostname) When checked, assets with DNS names in scan results are compared against the DNS entries in asset groups. When a DNS name match is found, the assets are included in the scan report. By default we'll include all DNS hostnames, i.e. all assets resolved from each DNS name.
(Resolve DNS association must be checked) When checked, only the last scanned asset is included in the report. This is useful in cases where you might have multiple asset entries in your account for the same DNS name.
Hosts with cloud agents can have scan findings and agent findings. Tell us which findings you want to report on. Tip - Managers can choose to merge results from agents and scans at Users > Setup > Cloud Agent Setup.
When selected, we'll show the following summary info for the entire report: total vulnerabilities detected, overall security risk, business risk (for reports sorted by asset group), total vulnerabilities by status, total vulnerabilities by severity and top 5 vulnerability categories.
Select each graph you want to see in the report. Note that some graphs are only available when trend information is included. Keep in mind that your filter settings will affect the data reflected in your graphs.
Tell us how you want to organize the Detailed Results section of your report - by host, vulnerability, asset group, etc.
Tell us which CVSS version score you want to display in the reports. Selecting All will display scores for both CVSS versions.
Include identifying information for each host agent like the asset ID and related IPs (IPv4, IPv6 and MAC addresses). These options must also be selected: Host Based Findings and Sort by Host.
Include metadata information at the host level for each cloud instance. These options must also be selected: Host Based Findings and Sort by Host.
When selected, we'll show the following summary info for each host, vulnerability, asset group, etc. (depending on the sorting method you selected): total vulnerabilities detected, the security risk, the business risk (for reports sorted by asset group), total vulnerabilities by status, total vulnerabilities by severity and top 5 vulnerability categories.
Include additional details for each vulnerability in the report. You get to pick and choose the details that are important to you.
Include a description of the threat.
Include possible consequences that may occur if the vulnerability is exploited.
Include a verified solution to remedy the issue, such as a link to the vendor's patch, Web site, or a workaround.
Include virtual patch information correlated with the vulnerability, obtained from Trend Micro real-time feeds.
Include compliance information correlated with the vulnerability.
Include exploitability information correlated with the vulnerability, including references to known exploits and related security resources.
Include malware information correlated with the vulnerability, obtained from the Trend Micro Threat Encyclopedia.
Include specific scan test results for each host, when available. We'll also show the date the vulnerability was first detected, last detected and the number of times it was detected.
Include the date/time a vulnerability was first reopened, last reopened, and the number of times it was reopened. A vulnerability is reopened when it was verified as fixed by the previous scan and is detected by a new scan.
This section shows more information like IPs in your report target that don't have any scan results, and IPs that were scanned but results are not shown (no vulnerabilities were detected or all vulnerabilities were filtered out).
Select Custom to filter your reports to specific QIDs (add static search lists) or to QIDs that match certain criteria (add dynamic search lists). For example, maybe you only want to report on vulnerabilities with severity 4 or 5. Tip - Exclude QIDs that you don't want in the report.
Filter hosts in your report based on the host's operating system. For example, to only report on Linux hosts make sure only Linux is selected. Tip - Use the Select/Deselect All option to quickly select or clear all operating systems.
Filter vulnerabilities in your report based on the current vulnerability status - New, Active, Re-Opened or Fixed. These filters are only applicable to Host Based Findings reports.
In a new scan report template you'll only see active confirmed vulnerabilities. If you want to see more vulnerabilities, including potential vulnerabilities and information gathered, select the filters here.
Select filters for active vulnerabilities, disabled vulnerabilities (QID was disabled by a Manager from the KnowledgeBase) and ignored vulnerabilities (QID was ignored by a user on a particular host and port).
It's possible that multiple kernels are detected on a single Linux host and we'll report all vulnerabilities found on all Linux kernels. Choose "Display non-running kernels" to list all vulnerabilities found on non-running kernels. Choose "Exclude non-running kernels" to filter them out. Only 1 option may be selected at a time.
We may detect software on a host that is considered vulnerable even though the port/service associated with the vulnerability is not present or running on the host. This filter applies only to certain QIDs. Use this filter to only report vulnerabilities found where the port/service is running.
We may detect software on a host that is considered vulnerable even though there’s a specific configuration present on the host that makes it not exploitable. This filter applies only to certain QIDs and configurations. Use this filter to exclude the vulnerabilities that have these configurations in place.
A missing patch is identified by a QID like any other vulnerability. By default, we'll report all missing Microsoft patches (even those that have been superseded by newer patches) unless you select this option. This filter applies only to OS level patch QIDs, and only when Host Based Findings is selected in this template (on Findings tab).
For example, if you're only interested in Windows vulnerabilities make sure this is the only category selected. Tip - Use the Select/Deselect All option to quickly select or clear all categories.
Flag specific services as either "required" or "unauthorized". We'll report these QIDs: 38228 (when a required service is NOT detected) and 38175 (when an unauthorized service is detected). Tip - Make sure these QIDs are included in the report.
Flag specific ports as either "required" or "unauthorized". We'll report these QIDs: 82051 (when a required port is NOT detected) and 82043 (when an unauthorized port is detected). Tip - Make sure these QIDs are included in the report.
This section lets you share reports with users who wouldn't already have access to them. Each user you add will be able to view reports generated from this template even if they don't have access to the IPs in the report.
This section lets you customize PCI risk ranking calculation in your reports. Qualys uses the rankings High, Medium, Low. When Custom PCI Ranking is OFF (disabled) we'll use the same CVSS scores as required for ASV external scans. Ready to customize the rankings? Just set to ON and then use the scale to move the High and Medium markers to set new CVSS scores.