Scan Report Template

Give the template a title

Enter a title for easy identification.

Change the owner

We'll list users who can be the owner of this template. Don't see a particular user? The user may not be a valid owner because of their role or business unit. Click the Launch Help link to learn more about owners.

Make this template global

Share this report template with other users by making it global.

Are you a Manager? This template will be available to all users.

Are you a Unit Manager? This template will be available to all users in your business unit.

Report on Host Based Findings

Select this option to report on the latest vulnerability data from all of your scans. Each time you create a report, we'll automatically collect vulnerability data that we've indexed per host in your account.

Report on Scan Based Findings

Select this option to run a report based on saved scan results. Each time you create a report with this setting, you must manually select saved scan results to include in the report.

Include trend information in your report

You can compare the last two detections for each vulnerability or choose a timeframe (daily, weekly or monthly) and we'll analyze the vulnerability status for the timeframe selected.

Only include scan results from the specified time frame

Select this option to ensure that only vulnerability information gathered in the timeframe that you've specified is included in the report. If you do not select this option, vulnerability information for hosts that were last scanned prior to the report timeframe may be included.

Select hosts to report on

Select a combination of asset groups and IPs/ranges. When you enter asset groups, we'll report on all the IPs in the asset groups.

Select tags to report on

Add asset tags for the hosts you want to report on. We'll find all the hosts in your account that match your tag selection and include them in the report. Want to tag your hosts? Go to the Asset Management (AM) application to create and assign tags.

Resolve DNS association of an asset group

(Used to report on assets you've scanned by DNS hostname) When checked, assets with DNS names in scan results are compared against the DNS entries in asset groups. When a DNS name match is found assets are included in the scan report. By default we'll include all DNS hostnames, i.e. all assets resolved from each DNS name.

Include only the latest scanned DNS asset

(Resolve DNS association must be checked) When checked, only the last scanned asset is included in the report. This is useful in cases where you might have multiple asset entries in your account for the same DNS name.

Filter results for hosts with cloud agents

Hosts with cloud agents can have scan findings and agent findings. Tell us which findings you want to report on. Tip - Managers can choose to merge results from agents and scans at Users > Setup > Cloud Agent Setup.

Include a text summary (for the report)

When selected, we'll show the following summary info for the entire report: total vulnerabilities detected, overall security risk, business risk (for reports sorted by asset group), total vulnerabilities by status, total vulnerabilities by severity and top 5 vulnerability categories.

Display graphics in your report

Select each graph you want to see in the report. Note that some graphs are only available when trend information is included. Keep in mind that your filter settings will affect the data reflected in your graphs.

Choose a sorting method

Tell us how you want to organize the Detailed Results section of your report - by host, vulnerability, asset group, etc.

Choose the CVSS version

Tell us which CVSS version score you want to display in the reports. Selecting All will display scores for both CVSS versions.

Display details for hosts with cloud agents

Include identifying information for each host agent like the asset ID and related IPs (IPv4, IPv6 and MAC addresses). These options must also be selected: Host Based Findings and Sort by Host.

Display information for cloud instances

Include metadata information at the host level for each cloud instance. These options must also be selected: Host Based Findings and Sort by Host.

Include a text summary (in Detailed Results)

When selected, we'll show the following summary info for each host, vulnerability, asset group, etc (depending on the sorting method you selected): total vulnerabilities detected, the security risk, the business risk (for reports sorted by asset group), total vulnerabilities by status, total vulnerabilities by severity and top 5 vulnerability categories.

Vulnerability Details

Include additional details for each vulnerability in the report. You get to pick and choose the details that are important to you.

Threat

Include a description of the threat.

Impact

Include possible consequences that may occur if the vulnerability is exploited.

Solution: Patches and Workarounds

Include a verified solution to remedy the issue, such as a link to the vendor's patch, Web site, or a workaround.

Solution: Virtual Patches and Mitigating Controls

Include virtual patch information correlated with the vulnerability, obtained from Trend Micro real-time feeds.

Compliance

Include compliance information correlated with the vulnerability.

Exploitability

Include exploitability information correlated with the vulnerability, includes references to known exploits and related security resources.

Associated Malware

Include malware information correlated with the vulnerability, obtained from the Trend Micro Threat Encyclopedia.

Results

Include specific scan test results for each host, when available. We'll also show the date the vulnerability was first detected, last detected and the number of times it was detected.

Reopened

Include the date/time a vulnerability was first reopened, last reopened, and the number of times it was reopened. A vulnerability is reopened when it was verified as fixed by the previous scan and is detected by a new scan.

Appendix

This section shows more information like IPs in your report target that don't have any scan results, and IPs that were scanned but results are not shown (no vulnerabilities were detected or all vulnerabilities were filtered out).

Selective Vulnerability Reporting

Select Custom to filter your reports to specific QIDs (add static search lists) or to QIDs that match certain criteria (add dynamic search lists). For example, maybe you only want to report on vulnerabilities with severity 4 or 5. Tip - Exclude QIDs that you don't want in the report.

Filter hosts by OS

Filter hosts in your report based on the host's operating system. For example, to only report on Linux hosts make sure only Linux is selected. Tip - Use the Select/Deselect All option to quickly select or clear all operating systems.

Filter vulnerabilities by status

Filter vulnerabilities in your report based on the current vulnerability status - New, Active, Re-Opened or Fixed. These filters are only applicable for Host Based Findings report.

Filter vulnerabilities by state

In a new scan report template you'll only see active confirmed vulnerabilities. If you want to see more vulnerabilities including potential and information gathered select filters here.

Select filters for active vulnerabilities, disabled vulnerabilities (QID was disabled by a Manager from the KnowledgeBase) and ignored vulnerabilities (QID was ignored by a user on a particular host and port).

Non-running kernels (Linux)

It's possible that multiple kernels are detected on a single Linux host and we'll report all vulnerabilities found on all Linux kernels. Choose "Display non-running kernels" to list all vulnerabilities found on non-running kernels. Choose "Exclude non-running kernels" to filter them out. Only 1 option may be selected at a time.

Exclude non-running services

We may detect software on a host that is considered vulnerable, however the port/service associated with the vulnerability is not present or running on the host. This filter applies only to certain QIDs. Use this filter to only report vulnerabilities found where the port/service is running.

Exclude QIDs not exploitable due to configuration

We may detect software on a host that is considered vulnerable, however there’s a specific configuration present on the host that makes it not exploitable. This filter applies only to certain QIDs and configurations. Use this filter to exclude the vulnerabilities that have these configurations in place.

Exclude superseded Microsoft patches

A missing patch is identified by a QID like any other vulnerability. By default, we'll report all missing Microsoft patches (even those that have been superseded by newer patches) unless you select this option. This filter applies only to OS level patch QIDs, and only when Host Based Findings is selected in this template (on Findings tab).

Filter vulnerabilities by category

For example, if you're only interested in Windows vulnerabilities make sure this is the only category selected. Tip - Use the Select/Deselect All option to quickly select or clear all categories.

Flag services

Flag specific services as either "required" or "unauthorized". We'll report these QIDs: 38228 (when a required service is NOT detected) and 38175 (when an unauthorized service is detected). Tip - Make sure these QIDs are included in the report.

Flag ports

Flag specific ports as either "required" or "unauthorized". We'll report these QIDs: 82051 (when a required port is NOT detected) and 82043 (when an unauthorized port is detected). Tip - Make sure these QIDs are included in the report.

Share reports with other users

This section lets you share reports with users who wouldn't already have access to them. Each user you add will be able to view reports generated from this template even if they don't have access to the IPs in the report.

Custom PCI Ranking

This section lets you customize PCI risk ranking calculation in your reports. Qualys uses the rankings High, Medium, Low. When Custom PCI Ranking is OFF (disabled) we'll use the same CVSS scores as required for ASV external scans. Ready to customize the rankings? Just set to ON and then use the scale to move the High and Medium markers to set new CVSS scores.