QualysGuard Quick Tour


  • 8/3/2019 QualysGuard Quick Tour

    1/42

    QUALYSGUARD

    QUICK TOUR

    VERSION 6.10

    February 18, 2010


    Copyright 2007-2010 by Qualys, Inc. All Rights Reserved.

    Qualys, the Qualys logo and QualysGuard are registered trademarks of Qualys, Inc. All other trademarks are the property of their respective owners.

    Qualys, Inc., 1600 Bridge Parkway, Redwood Shores, CA 94065, 1 (650) 801 6100


    Table of Contents

    Introducing QualysGuard ........................................ 4
        QualysGuard UI ............................................ 4
        QualysGuard Modules ....................................... 5
        Your Account .............................................. 8
        A Look at How QualysGuard Works ........................... 9
    Map ........................................................... 10
        Launch Maps ............................................... 10
        View Map Results .......................................... 11
        Print and Download Map Results ............................ 12
        View Map Results in Graphic Mode .......................... 13
        Perform Workflow Actions .................................. 14
        Manage Approved Hosts ..................................... 14
    Scan .......................................................... 15
        Authentication Setup ...................................... 15
        Launch Vulnerability Scans ................................ 16
        View Scan Results ......................................... 16
        Print and Download Scan Results ........................... 18
        Current Host Information .................................. 19
        Asset Search .............................................. 20
        Scan Settings ............................................. 21
        Launch Compliance Scans ................................... 23
        Launch Web Application Scans .............................. 23
        Launch FDCC Scans ......................................... 23
    Schedule ...................................................... 24
    Report ........................................................ 26
        Report Templates Provided ................................. 27
        Report Share .............................................. 28
        Launch New Report with Report Share ....................... 29
        Report Storage with Report Share .......................... 29
        Vulnerability Scorecard Reports ........................... 31
        Custom Report Templates ................................... 32
    Remediation ................................................... 34
    Payment Card Industry (PCI) Compliance ........................ 36
    Policy Compliance (PC) ........................................ 37
    Web Application Scanning (WAS) ................................ 39
    FDCC .......................................................... 41
    Contact Support ............................................... 42


    Introducing QualysGuard

    Welcome to the QualysGuard Security and Compliance Suite. QualysGuard is delivered on demand using an innovative Software-as-a-Service (SaaS) approach that requires no software to install or manage.

    QualysGuard UI

    Here's a first glance at the QualysGuard UI. You'll notice the main application window has a consistent look and feel throughout the application, with distinct sections.

    A. Main Navigation Pane: The Navigation pane (on the left) gives you access to distinct sections of the application where you can perform key tasks using primary features.

    B. Top Menu Bar: Lists menus, module icons, your user login, and the logout link.

    C. Data List: The data list changes dynamically for each section. See Searchable Data Lists.

    D. Preview Pane: The preview pane provides a quick look at important details about a selected item in the data list.

    E. Open/Close Icons: Click to open/close the navigation pane (vertical bar icon) and the preview pane (horizontal bar icon). You can also take these actions using the View menu.



    The menu options shown in your account depend on the service modules enabled for your subscription and your individual account settings, including your user role. A Manager user has full rights, while other users (Unit Managers, Scanners, Readers, Auditors) have limited rights.

    Navigation Menu

    The Navigation menu is used to launch scans and view scan results, schedule scans to run sometime in the future or on a recurring schedule (daily, weekly, monthly), run reports on the scan data available in your account, manage exceptions for policy compliance, and perform other security risk and analysis tasks.

    Tools Menu

    Tools for managing scan targets: Host Assets (for vulnerability scans and compliance scans), Domain Assets (for network maps), and Web Applications (for web application scans).

    Tools for managing scan settings: Option Profiles identify scan settings (one profile is applied to each scan), Authentication records are used for authenticated scans, and Scanner Appliances for internal network scanning may be available.

    Tools for asset and user management: User Accounts have assigned user roles (one per account) and access privileges. Asset Groups and Business Units identify logical groupings of users and assets.

    Tools for viewing and searching resources: KnowledgeBase identifies vulnerabilities, Controls identifies compliance controls.

    The Activity Log identifies user actions recorded for the account.

    QualysGuard Modules

    The QualysGuard Security and Compliance Suite consists of multiple service modules. A red lock appears when a module is enabled for your subscription.

    Module icons shown in the top menu bar:

    Vulnerability Management (VM) module is enabled
    Payment Card Industry (PCI) Compliance module is enabled
    Policy Compliance (PC) module is enabled
    FDCC module may be enabled (optional)
    Web Application Scanning (WAS) module is enabled


    Searchable Data Lists

    Searchable data lists allow you to easily find and take action on data in your account.

    Actionable Columns. The data list columns display current, context-sensitive information that's actionable. Click to view a data list item. For example, when you click for an item on the scan history list, you'll see the scan results for a completed task or the scan status summary for a running task. To cancel a running scan, click the cancel icon. You can take other actions appropriate for other data lists. For example, when viewing many data lists, click in the Edit column to edit a data list item, like a report template or schedule. In many data lists you can click in the Info column to view information on a data list item.

    View Options. Using the View menu you can customize the data list view to deselect columns, sort by a particular column, make the data list page longer by adding more rows, and select a quick filter to restrict the data list content. Changes you make to a particular data list are sticky across sessions.

    Select column titles to add/remove them from the data list.

    If you select My Scans the filter appears in the data list title.

    Navigation Options. The controls in the upper right corner of the data list allow you to navigate through pages. Use the page selector drop-down menu to jump to a data list page with a range of items. The right and left arrows take you to the next page, previous page, first page and last page.


    Search Options. Select Search on the top menu bar to search the data list that is currently displayed. The search options appear in a pop-up window so that you do not lose your place while using the data list. The search options are context sensitive, and thus are different for each data list. For example, when viewing the scan history list with your saved scans, the Search pop-up displays scan related search options.

    Actions. Take action on selected items using the check boxes in the left column. Selected items are highlighted for easy identification. The item tracker in the lower left corner of the window identifies selections like this: 20 of 42 items shown, 5 selected. You can jump to multiple pages and select multiple items. After selecting items, select an action from the Actions drop-down menu and click Apply.

    Layout Options. The Open/Close layout options allow you to control the real estate in the application window. Toggle these options using the Open/Close icons (see below), or by going to View>Layout and selecting an option. When the preview pane is open, fewer items are visible in the data list (see below). When the navigation pane is open, the menu titles appear in the left Navigation pane; when it is closed, icons appear instead of titles.

    Download Option. You can download data lists to these formats: CSV, XML, ZIP and MHT. To download a data list, go to New>Download on the top menu bar, and then select a format.

    Figure callouts: Item Tracker, Open/Close Preview Pane, Open/Close Navigation Pane.


    Your Account

    The Setup menu and Help menu are available at all times, from wherever you are in the application.

    The Setup menu gives you a central location to view and configure subscription-level settings.

    Manager users have the ability to make settings that affect all users in the same subscription. Also, the Setup menu gives you the ability to customize your own personal dashboard, specify your home page and change your password. The Home Page and Change Password options are available to all users.

    The Help menu provides several forms of assistance to ensure your success with QualysGuard, including online help options, a link to contact support, resources like user guides and API samples, account settings and current product versions.


    A Look at How QualysGuard Works

    The following diagram depicts the QualysGuard Global Infrastructure for security and compliance scanning.

    Security Operations Centers (SOCs): SOCs at remote locations provide secure storage and processing of vulnerability data on an n-tiered architecture of load-balanced application servers. All computers and racked equipment are isolated from other systems in a locked vault.

    Internet Scanners: These scanners carry out perimeter scanning for customers. These scanners are located in various worldwide locations, and they communicate with our SOCs through secure (SSL) links. These remote scanners begin by building an inventory of protocols found on each machine undergoing an audit. After discovering the protocols, the scanner detects which ports are attached to services, such as Web servers, databases, and e-mail servers. At that point, the scanners initiate an inference-based assessment, based on target hosts.

    QualysGuard Scanner Appliances: These client-side, plug-in devices are installed by customers, in a distributed manner, for global enterprise scanning behind the firewall. These appliances use a hardened operating-system kernel designed to prevent any attacks. They provide secure communications with our SOCs, and they poll the SOCs for software updates and new vulnerability signatures, and process job requests. They do not retain scan results; instead, the results are securely encrypted with unique customer keys, transmitted, and stored at redundant SOCs.

    Secure Web Interface: Users interact with QualysGuard through its Secure Web Interface. Any standard Web browser permits users to navigate the QualysGuard user interface, launch scans, examine audit report data, and manage the account. Secure communications are assured via HTTPS (SSLv3) encryption. All security and compliance report data is encrypted with unique customer keys to guarantee confidentiality of information and make them unreadable by anyone other than those with proper customer authorization.


    Map

    The Map section is where you manage network maps in your account. From here, you can check map status, view and download saved maps and cancel maps in progress. Using the New menu, you can launch new on demand maps. Using the Search and View menus, you can customize the map history list.

    To view the Map section, select Map on the left menu. This is the starting point for map tasks.

    Launch Maps

    When the map history list is displayed you can launch a map. To launch a map, go to New>Map. The Launch Map page appears in a pop-up window.


    Specify map task attributes including title, option profile containing map configuration settings and target domains. Select a scanner appliance when you're mapping an internal network and there are scanner appliances in your account.

    For the map target, users can specify any combination of assets, including domain names, IPs and/or IP ranges. When IPs are specified, the service uses an internal domain to process the map.

    In the case where there are multiple domains, each domain is processed as a separate map. You can cancel Queued and Running maps from the map history list.

    Click Launch to start the map. The map task appears instantly on the map history list in the main window where you can track the status. The map status Queued indicates a map is waiting to be processed, and the status Running indicates a map is in progress. Click the cancel icon to cancel a running map. When the map is complete, the map status changes to Finished and you can view the results.

    View Map Results

    To view map results, select Map on the left menu. From the map history list, click for the map you want to view. The map results appear in an HTML report with hosts sorted by IP address.


    Scroll down to the Results section to view results of the network discovery. The Results section provides direct access to information on discovered hosts.

    View a list of open services on a host by clicking the right arrow next to the host. For each service detected, the discovery method that was used to identify the service is listed along with the port the service was found to be running on.

    View host status at a glance using the indicators in the right columns: A = approved host for the domain; S = scannable host, already in subscription; L = host was alive at the time of the discovery; N = host defined for the domain's netblock.

    For a host already in your account, view detailed host information by clicking the IP address link provided. Host information includes host attributes and current vulnerability information based on the latest host scan.

    Select hosts and take actions on them using the check boxes in the left column and the Actions drop-down menu (at the top of the map results window). You can print and download map results, view map results in graphic mode, and perform workflow actions to manage hosts.

    Print and Download Map Results

    Print and download map results from the File menu in your report.

    To print your results, select File>Print. Your printed report will appear as it does online.

    To download your results, select File>Download. These download formats are available: PDF, ZIP, XML, MHT and CSV.

    You can generate custom map reports based on saved map data from the Report section. Map reports are template-based so you can customize reports to best suit your needs. Report template settings allow you to specify how much information to include in a report and how you want that information displayed. To learn more about map report templates, see the Report section.


    View Map Results in Graphic Mode

    To view your map results in graphic mode, select View>Graphic Mode in your report. The graphic map appears in a separate window so you can still reference the HTML report.

    A sample graphical map is shown below.

    When you double click on any host, you will see a table with additional information about the discovered host, such as the operating system detected, the discovery method used to identify the host, and whether the host is scannable. A host is considered scannable when it is available in your account in the host assets list.


    Perform Workflow Actions

    Workflow actions appear in a drop-down menu at the top of the report. Workflow actions include adding hosts to multiple asset groups and removing hosts from multiple asset groups. You can also now purge hosts directly from your map results.

    To add hosts to one or more asset groups, select the check box next to each host you want to add, select Add to Asset Groups from the drop-down menu and then click Apply. A pop-up page appears listing the asset groups in your account. Choose the asset groups you want to add the selected hosts to and then click Save. Note that you can also create a new asset group with selected hosts.

    To remove hosts from one or more asset groups, follow the same steps for adding hosts but select Remove from Asset Groups from the drop-down menu.

    To purge hosts, select the check box next to each host you want to purge, select Purge from the drop-down menu and then click Apply. Read the important information that appears on screen and click Purge again to confirm the action. Host information deleted includes information gathered on the host such as its host name and OS, remediation tickets for the host, and comments added to the host. Once purged, host information does not appear in scan reports based on automatic host scan data and it is not recoverable. Note, however, that scan results are not removed.

    Manage Approved Hosts

    The approved hosts list includes hosts approved for a domain according to your security policy. When defined, this list is used to identify rogue devices in the Unknown Device Report.

    Managing approved hosts for domains in your account is done from the domain assets list. To configure an approved hosts list for a particular domain, select Domain Assets under Tools.

    Click for the domain you're interested in. If you are a Manager, the Edit Domain page appears and you simply click Configure under Approved Hosts. When the Configure Approved Hosts page appears, add IP addresses to the approved hosts list and follow the online prompts to save this configuration for your account.
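The example below is added here and is not Qualys code: it takes a downloaded map results file (CSV, as listed under Print and Download Map Results) and reconciles the A/S/L/N host indicators against a domain's approved hosts list, producing the kind of rogue-device view the Unknown Device Report gives you and flagging hosts whose approved flag has drifted from your own list. The CSV column layout, the sample rows and the approved hosts entries are constructed for the example; the Quick Tour does not specify the real download format.

```python
# Added example (not Qualys code): reconcile downloaded map results against a
# domain's approved-hosts list. The CSV columns and rows below are constructed
# for the example; the real QualysGuard download layout is not given in the
# Quick Tour, so adapt parse_map_results() to your file.
import csv
import io
import ipaddress

# Constructed sample of a map results CSV download. The flag columns mirror the
# A/S/L/N indicators in the HTML report: approved for the domain, scannable
# (already in subscription), live at discovery time, in the domain's netblock.
SAMPLE_MAP_CSV = """ip,dns_name,os,approved,scannable,live,netblock
10.0.1.10,web01.example.internal,Linux 2.6,A,S,L,N
10.0.1.11,db01.example.internal,Windows 2003,A,S,L,N
10.0.1.77,,Unknown,,,L,N
10.0.1.80,printer3.example.internal,Embedded,,,L,N
10.0.1.90,old-host.example.internal,Unknown,A,S,,N
10.0.9.5,lab.example.internal,Linux 2.6,,S,L,
"""

# Constructed approved-hosts list for the domain. Single IPs and CIDR ranges
# are both accepted here (the product UI takes IP addresses).
APPROVED_HOSTS = ["10.0.1.0/28", "10.0.1.11"]


def parse_map_results(csv_text):
    """Parse the map results CSV into a list of dicts with boolean flags."""
    hosts = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        hosts.append({
            "ip": ipaddress.ip_address(row["ip"].strip()),
            "dns_name": row["dns_name"].strip(),
            "os": row["os"].strip(),
            "approved": row["approved"].strip() == "A",
            "scannable": row["scannable"].strip() == "S",
            "live": row["live"].strip() == "L",
            "netblock": row["netblock"].strip() == "N",
        })
    return hosts


def build_approved_networks(entries):
    """Turn approved-hosts entries into networks; a bare IP becomes a /32
    (or /128) so that membership tests are uniform for IPs and ranges."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def is_approved(ip, networks):
    return any(ip in net for net in networks)


def classify_hosts(hosts, approved_entries):
    """Classify each discovered host against the approved-hosts policy:

    approved         - in the approved-hosts list
    known-unapproved - not approved, but already scannable (in subscription)
    unknown          - live, not approved, not in subscription: rogue candidate
    not-live         - not alive at discovery time (reported, not classified)
    """
    networks = build_approved_networks(approved_entries)
    result = {"approved": [], "known-unapproved": [], "unknown": [], "not-live": []}
    for h in hosts:
        ip = str(h["ip"])
        if not h["live"]:
            result["not-live"].append(ip)
        elif is_approved(h["ip"], networks):
            result["approved"].append(ip)
        elif h["scannable"]:
            result["known-unapproved"].append(ip)
        else:
            result["unknown"].append(ip)
    return result


def approved_flag_drift(hosts, approved_entries):
    """Return IPs whose 'A' flag in the download disagrees with the local
    approved-hosts list: the list configured in the account needs review."""
    networks = build_approved_networks(approved_entries)
    return [str(h["ip"]) for h in hosts
            if h["approved"] != is_approved(h["ip"], networks)]


if __name__ == "__main__":
    parsed = parse_map_results(SAMPLE_MAP_CSV)
    for bucket, ips in classify_hosts(parsed, APPROVED_HOSTS).items():
        print(f"{bucket}: {', '.join(ips) or '-'}")
    print("approved-flag drift:", approved_flag_drift(parsed, APPROVED_HOSTS))
```

Hosts in the unknown bucket are the ones to investigate first; hosts in the drift list mean the approved hosts list in the account and the list you keep locally no longer agree.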


    Scan

    The Scan section is where you manage vulnerability scans and compliance scans. From here you can check scan status, view and download saved scan results, and pause or cancel scans in progress. Using the New menu, you can launch new scans. Using the Search and View menus, you can customize the scan history list.

    To view scans, select Scan on the left menu. The vulnerability scans and compliance scans in your account appear. The Type column shows one icon for a vulnerability scan and another for a compliance scan.

    (Other scan options may be available in your account. Select WAS Scan or FDCC Scan to manage other scans.)

    You can take actions on scans in the scan history list. Click the cancel icon to cancel a running scan. Click the pause icon to pause a running scan. For a paused scan, click the resume icon to resume it. Click the relaunch icon to relaunch a previous scan. (The pause, resume and relaunch features are not available for web application scans.)

    Authentication Setup

    Authentication to scan targets is required for compliance scans and optional for other scans. Before launching a scan, add authentication records for your account:

    For an IP based scan, go to the Authentication section and add records for these authentication types: Windows, Unix, Oracle, SNMP, and MS SQL Server (for compliance scans only).

    For a web application scan, go to the Web Applications section and add records to the target web application for these authentication types: Form, NTLM, HTTP Basic, and Digest.


    Launch Vulnerability Scans

    When the scan history list is displayed you can launch a vulnerability scan. Go to New>Scan. If multiple modules are enabled for your account, go to New>Scan>Vulnerability.

    Specify a title (optional) and scan task settings:

    Option Profile: An Option Profile is a set of scan configuration settings. For an authenticated vulnerability scan, the option profile you select must have authentication types enabled and there must be corresponding authentication records defined for the selected types.

    Target Hosts: Select target hosts for an IP based scan; these hosts must be defined in your account. Select a target web application for a web application scan.

    Scanner Appliance: To scan your internal network, select a Scanner Appliance option.

    Click Launch to start the scan. The scan task appears instantly on the scan history list in the main window where you can track the status. When the scan is complete, the scan status is Finished.

    View Scan Results

    From the scan history list, click for the finished scan you want to view. The scan results appear in an HTML report. Note that the service uses predefined settings for displaying scan results and those settings are not customizable. To create custom reports, use report templates.

    The first section of your scan results includes a report summary.


    Next, the Summary of Vulnerabilities detected appears with the total number of vulnerabilities detected and the average security risk. This section appears for a vulnerability scan.

    After the summary, there are graphs showing vulnerabilities by severity, operating systems detected and services detected. This section appears for a vulnerability scan.


    Scroll down to the Detailed Results section to view results for each scanned host, sorted by IP address. This section appears for a vulnerability scan.

    Each scanned host is listed by IP address with the following information when available: IP address (DNS hostname, NetBIOS hostname), Operating System.

    Select any vulnerability title to expand vulnerability details, including its description, any scan test results and the verified solution provided by the service. All vulnerabilities are available for viewing from the Vulnerability KnowledgeBase. To access the KnowledgeBase, select KnowledgeBase under Tools. See the Report section for more reporting options.

    Print and Download Scan Results

    Print and download scan results from the File menu in your report.


    Current Host Information

    Current host security information is displayed in reports and other online views throughout the web application, including custom reports, asset search results and remediation tickets.

    You can also view current host information from the host assets list. To do this, select Host Assets under Tools and then click for any host. The Host Information pop-up appears.

    At the top is the general information about the host. You can expand sections to view more information. In the example above, the Vulnerabilities section is expanded to view the most up-to-date vulnerability information for the host. When Policy Compliance is enabled, additional sections appear. The Compliance section displays the current compliance information for the host and the Exception section displays the exception requests associated with the host.


    Asset Search

    The asset search feature enables you to search through scan results to find hosts based on scan information available in your account. You can search for hosts based on several attributes.

    The asset search feature searches through vulnerability scan results. It also searches limited compliance scan information, including DNS name, NetBIOS name and tracking method. Scan information from web application scans is not searched.

    To perform an asset search, select Asset Search on the left menu, specify your search target and any host attributes (optional) you want to search for, and then click Search.

    The Asset Search Report identifies hosts that match your query. To view current security information for a particular host, click the IP address. To perform workflow actions on hosts, use the check boxes (see Perform Workflow Actions).


    Scan Settings

    Option Profile

    The option profile specifies configuration options for a vulnerability scan, on demand or scheduled. It's best practice to use the same profile/configuration options for your scans to ensure compliance with existing security policies and accuracy in trend reporting. For a vulnerability scan, it's recommended you select Initial Options to get started.

    All settings are configurable from the option profiles list. The service provides some predefined option profiles. To go to your option profiles list, select Option Profiles under Tools. From the option profiles list, you can search and view your profiles, edit profiles and create new ones.

    A profile must be applied to every scan type. The profile Payment Card Industry (PCI) Options must be selected for a PCI scan. For a compliance scan you must select a compliance option profile, and for a web application scan you must select a web application profile.

    Scanner Appliance

    QualysGuard Scanner Appliances may be installed inside your corporate network to scan the internal network. See the QualysGuard Scanner Appliance User Guide for further information on the scanner appliance, including installation steps. To view the appliances in your account, select Scanner Appliances under Tools.

    The Scanner Appliance drop-down menu appears when there are one or more scanner appliances in your account. To scan external devices, select External for the external scanners. To scan internal devices, select one of these options: Default for the default scanner in each asset group, All Scanners in Asset Group for scanner parallelization, or a scanner appliance name.


    The scanner appliances list tells you about each scanner appliance in your account, including the number of asset groups it belongs to. Columns show whether the appliance status is online (blank) or offline (yellow warning icon) based on the latest heartbeat check (every 4 hours), whether the appliance is busy running maps and/or scans, and whether its software is up to date. Click to view more information on an appliance.

    Scanner Parallelization

    The scanner parallelization feature is available for vulnerability scans and compliance scans and increases scan speed. When scanner parallelization is enabled at run time for a scan task, the scan is distributed to multiple scanner appliances in parallel. The scanner appliances in each target asset group are used to scan the asset group's IP addresses. At the completion of the scan, the service compiles a single report with scan results.


    Launch Compliance Scans

    To launch a compliance scan, select Scan on the left menu. Then go to New>Scan>Compliance. This scan option is available when the Policy Compliance (PC) module is enabled for your account. See Policy Compliance (PC).

    Launch Web Application Scans

    To launch a web application scan, select WAS Scan on the left menu. Then go to New>Scan. This scan option is available when the Web Application Scanning (WAS) module is enabled for your account. See Web Application Scanning (WAS).

    Launch FDCC Scans

    To launch an FDCC scan, select FDCC Scan on the left menu. Then go to New>Scan. This scan option is available when the FDCC module is enabled for your account. See FDCC.


    Schedule

Set up scheduled tasks to run automatically on a regular basis so you always have access to up-to-date security information. Scheduling is granular, reducing the time spent launching maps and scans and freeing time for other tasks such as remediation and reporting.

The Schedule section is where you manage scheduled maps and scans. Using the New menu, you can create new schedules. Using the Search and View menus, you can customize the schedules list.

To view the Schedule section, select Schedule on the left menu. This is the starting point for all schedule-related tasks.

An icon in the Type column identifies the type of schedule: map, vulnerability scan, compliance scan, web application scan, or FDCC scan.

If a schedule is active, meaning that it will run at the next scheduled launch time, a lit clock icon appears. If a schedule is inactive, a dimmed clock icon appears. Edit a scheduled task to make it active or inactive.

    To create a new scheduled scan, select Schedule on the left menu, and go to New>Schedule Scan.


You are prompted to select the scan type when multiple modules are enabled in your account and you have privileges for scanning. Select Vulnerability for a vulnerability scan, Compliance for a compliance scan, or Web Application for a web application scan. The new scheduled scan page appears in a pop-up window, ready for you to select the scan target and add your schedule.

For a new scheduled vulnerability scan, go to New>Schedule Scan (or New>Schedule Scan>Vulnerability when multiple modules are enabled for your subscription). The new scheduled scan page appears, where you select target hosts and schedule settings.

    Specify schedule attributes including title, target and option profile. Also define schedulingdetails like start date and time, duration, max running time and occurrence.

Note that you can click the calendar icon to open a calendar pop-up that helps you choose the start time. When you have defined all schedule attributes, click Save. The new scheduled scan appears on your schedules list in the main navigation window, where you can edit or deactivate the task.

You have the option to download one schedule, multiple schedules or all schedules from your schedules list in iCalendar format (ICS). iCalendar is an IETF (Internet Engineering Task Force) standard for calendar data exchange, originally specified in RFC 2445 by the Calendaring and Scheduling Working Group and since superseded by RFC 5545.

To download one schedule, find the schedule you want in the list and click it to see the scheduled task information. Then go to File>Download as iCalendar.

To download multiple schedules, select the check box next to each schedule you want to download, then select Download as iCalendar on the Actions menu and click Apply.

To download all schedules, go to New>Download. Then select the iCalendar (ICS) format and click Download.
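Because the export is a standard iCalendar file, a scheduled-scan inventory can be produced outside the product. The following is an added example, not Qualys code: it parses a constructed ICS export (the property names, the UTC timestamps and the DAILY/WEEKLY RRULEs are assumptions about what the export contains) and computes each schedule's next launch, dropping one-off schedules that are already in the past and recurring schedules whose COUNT is exhausted.

```python
"""Parse an iCalendar (ICS) export of scan schedules and compute each
schedule's next launch time.

Added example, not Qualys code. SAMPLE_ICS is constructed to resemble a
schedule export (one VEVENT per schedule, RRULE for recurring ones). The
real export's property set and time-zone handling may differ (assumption):
only UTC timestamps ending in "Z", DAILY/WEEKLY recurrence, INTERVAL and
COUNT are handled here.
"""
from datetime import datetime, timedelta

SAMPLE_ICS = """BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//constructed sample//EN
BEGIN:VEVENT
UID:sched-1@example.invalid
SUMMARY:Weekly vulnerability scan - DMZ
DTSTART:20100222T020000Z
DURATION:PT4H
RRULE:FREQ=WEEKLY;INTERVAL=1
END:VEVENT
BEGIN:VEVENT
UID:sched-2@example.invalid
SUMMARY:Nightly compliance scan - PCI
DTSTART:20100219T230000Z
DURATION:PT2H
RRULE:FREQ=DAILY
END:VEVENT
BEGIN:VEVENT
UID:sched-3@example.invalid
SUMMARY:Temporary daily map - migration window
DTSTART:20100219T120000Z
DURATION:PT1H
RRULE:FREQ=DAILY;COUNT=3
END:VEVENT
BEGIN:VEVENT
UID:sched-4@example.invalid
SUMMARY:One-off map - new subnet
DTSTART:20100301T120000Z
DURATION:PT1H
END:VEVENT
END:VCALENDAR
"""


def unfold(text):
    """Undo iCalendar line folding: a line starting with a space or tab
    continues the previous content line."""
    lines = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_events(text):
    """Return one dict of properties per VEVENT. Property parameters
    (e.g. DTSTART;TZID=...) are dropped, keeping only the property name."""
    events, current = [], None
    for line in unfold(text):
        if line == "BEGIN:VEVENT":
            current = {}
        elif line == "END:VEVENT":
            events.append(current)
            current = None
        elif current is not None and ":" in line:
            name, _, value = line.partition(":")
            current[name.split(";")[0]] = value
    return events


def parse_utc(stamp):
    """Parse a UTC date-time such as 20100222T020000Z (assumes a UTC export)."""
    return datetime.strptime(stamp, "%Y%m%dT%H%M%SZ")


def parse_rrule(rrule):
    return dict(part.split("=", 1) for part in rrule.split(";"))


STEP_DAYS = {"DAILY": 1, "WEEKLY": 7}


def next_launch(event, now):
    """Next occurrence strictly after `now`, or None when the schedule has
    no further occurrences (one-off in the past, or COUNT exhausted)."""
    start = parse_utc(event["DTSTART"])
    if "RRULE" not in event:
        return start if start > now else None
    rule = parse_rrule(event["RRULE"])
    if rule["FREQ"] not in STEP_DAYS:
        # MONTHLY/YEARLY need calendar arithmetic; refuse rather than miscalculate.
        raise ValueError(f"unsupported FREQ {rule['FREQ']}")
    step = timedelta(days=STEP_DAYS[rule["FREQ"]] * int(rule.get("INTERVAL", "1")))
    # 0-based index of the next occurrence after `now`.
    index = 0 if start > now else (now - start) // step + 1
    if "COUNT" in rule and index >= int(rule["COUNT"]):
        return None
    return start + index * step


def upcoming(text, now):
    """(launch time, summary) for every schedule with a future launch, soonest first."""
    result = []
    for event in parse_events(text):
        when = next_launch(event, now)
        if when is not None:
            result.append((when, event.get("SUMMARY", event.get("UID", "?"))))
    return sorted(result)


if __name__ == "__main__":
    for when, summary in upcoming(SAMPLE_ICS, datetime(2010, 2, 24, 12, 0, 0)):
        print(when.isoformat(), summary)
```

Run as a script it prints the upcoming launches as of the constructed reference time (24 Feb 2010, 12:00 UTC); the three-occurrence migration-window map is correctly absent because its COUNT ran out, and an unsupported FREQ raises instead of silently miscalculating.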


    Report

Several reporting options are offered through scan reports, compliance reports, map reports, remediation reports, and web application reports. Scan, map and compliance policy reports are fully customizable through templates, allowing you to specify the exact type of information you want in the report.

Report Share functionality provides enhanced reporting capabilities for customers with large amounts of report data, and promotes collaboration and sharing of reports. Users can run reports once and share them with other users. Each report is saved for 7 days in Report Share, after which it expires. Report Share is enabled for Enterprise accounts automatically, and is not available for Express accounts. Please contact Customer Support if you would like to upgrade your subscription account to use Report Share.

    To view the available report templates:

    When Report Share is enabled, select Report Templates on the left menu, under Tools.

    When Report Share is not enabled, select Report on the left menu.

An icon in the Type column shows the report type: scan report, compliance report, map report, or remediation report. To run a report, click the icon next to its title.

When Report Share is enabled, users launch reports, view report status and view completed reports from the report history list according to their user roles and account settings.


    Report Templates Provided

QualysGuard provides several predefined report templates for all report types. You can use these templates to generate reports, download them, and produce them in multiple formats for easy distribution. For additional scan reports, see Vulnerability Scorecard Reports.

    Map Template

Unknown Device Report. Identifies whether hosts included in saved map results are approved according to your security policy. Hosts in your map results which are not in your approved hosts list are identified as rogue.

    Scan Templates

Executive Report. Provides a global view of your network security, including trend information, suitable for overall security management.

Technical Report. Provides host vulnerability data from the most recent scans, suitable for individuals responsible for taking action on vulnerabilities and their management.

    High Severity Report. Identifies all severity 4 and 5 vulnerabilities on your network.

    Compliance Templates

Qualys Top 20 Report. Indicates whether hosts are compliant with the Qualys Top 20 real-time vulnerabilities, including the Top 10 internal vulnerabilities and the Top 10 external vulnerabilities.

SANS Top 20 Report. Indicates whether hosts are compliant with the SANS Top 20 vulnerabilities, published by The SANS Institute.

Payment Card Industry (PCI) Executive Report. Identifies whether target hosts are compliant with the PCI Data Security Standard. It is suitable for submission to acquiring banks to demonstrate compliance with the PCI Data Security Standard.

Payment Card Industry (PCI) Technical Report. Indicates whether target hosts are compliant with the PCI Data Security Standard. It is suitable for individuals responsible for taking action on vulnerabilities and their management.

Authentication Report. Indicates the authentication status of hosts in your account. Authentication to hosts is required for compliance scans. Note that this is a hidden report template, which is not visible on the report templates list. This template is only available when the Policy Compliance module is enabled for the subscription.

    Remediation Templates

Executive Remediation Report. Provides a ticket status summary and ticket trends over the past 12 weeks (state changes, open tickets), suitable for security management.

    Tickets per Vulnerability Report. Lists tickets by vulnerability.

    Tickets per User Report. Lists tickets by ticket owner (user).

    Tickets per Asset Group Report. Lists tickets by asset group.


    Report Share

    Report Share is a subscription option that is enabled automatically for Enterprise accounts.

With Report Share, the Report option on the left menu takes you to the report history list, where you view and download completed reports, launch reports (just like scans), view report status, and cancel reports in progress. To download a saved report, click the download icon next to the report. The Report Templates option on the left menu takes you to your report templates list.

Users view reports based on their access privileges, which are defined by their account settings. The service automatically publishes reports in a user's report history list when the user has privileges to access/view the report and its content.

Additional reporting features give managers (Managers and Unit Managers) the ability to distribute reports to the right people at the right time.

Grant Users Access to Reports. Managers can grant users access to certain reports when those users do not otherwise have access privileges to them. This is a way, for example, for managers to share reports with users who do not have access privileges to all IPs included in the reports. Managers define a user access list for an individual report (click the icon next to a completed report in the report history list) or for a report template (see Custom Report Templates).

Secure PDF Distribution. Managers can select a one-step solution to generate encrypted PDF reports and securely distribute them to users outside of the application via email. Managers select this option when launching a new report, as described below.


    Launch New Report with Report Share

To launch a report using Report Share, select Report on the left menu. Go to the New menu and select the report type. Enter the report title and select a report template, output format and source. Click Run to launch the report. The report runs in the background and you can view the report status on the report history list. A report summary notification is sent when the report completes (when this notification is enabled in your account).

When the PDF format is selected, Managers and Unit Managers may click the link Add Secure Distribution for a one-step solution to generate an encrypted PDF report and securely distribute the report to a list of users outside of the application via email (see the Report Share Setup page).

    Report Storage with Report Share

By default each report is saved in Report Share for 7 days after its creation date. The automatic expiration of reports makes room for new reports in Report Share. Each user is assigned a report storage space limit in Report Share. Note that map and scan results are not stored in Report Share and thus do not consume Report Share storage space.

Managers set the user limit on the Report Share Setup page (go to Setup>Report Share). The same user limit applies to all users in the subscription.


Statistics on space used and remaining free space are displayed. The Secure PDF Distribution option, when enabled, allows Managers to generate encrypted PDF reports and securely distribute them to users outside of the application via email.

You can view the user limit, the space used, and the free space on the Account Info page (go to Help>Account Info). The user limit is also displayed on the user accounts list.


    Vulnerability Scorecard Reports

Scorecard reports provide vulnerability data and statistics appropriate for different business groups and functions. By configuring scorecard reports to use different views and groupings of assets, you can create multiple reports based on the same data, satisfying both security operations personnel and business line leaders. You can then share each generated report with the people who need it in a format that is meaningful to them.

    The Report section is where you manage scorecard reports (select Report on the left menu).From the New menu, select the scorecard report option.

    The service provides 5 different scorecard reports:

Asset Group Vulnerability Report. Identifies vulnerabilities with severity levels 3 through 5.

Ignored Vulnerabilities Report. Identifies vulnerabilities that are currently ignored.

Most Prevalent Vulnerabilities Report. Identifies vulnerabilities with the highest number of detected instances.

Most Vulnerable Hosts Report. Identifies hosts with the highest number of critical vulnerabilities.

Patch Report. Identifies hosts that are missing patches and software.

You are prompted to select a report format (PDF, HTML, MHT, XML or CSV). For the report source, select asset groups by asset group title or by business information, such as all asset groups in a business unit (Managers only) and/or business information tags (as defined for asset groups). For the Patch Report, you must also select QIDs for missing patches and software.

After launching a scorecard report, the report appears in the report history list when Report Share is enabled in your account, and from there you can check its status to completion. When Report Share is not enabled, a pop-up window appears with the report status and then the completed report.


    Custom Report Templates

    Scan Report Templates

To create scan report templates, go to your report templates list. Then go to New>Scan Template. The New Template page appears in a pop-up window.

Fill out the section Scan Results Selection to specify the scan results for the report.

The User Access tab appears only to Managers and Unit Managers when Report Share is enabled. These managers can add a user access list to grant users access to reports generated by the report template, when these reports are not distributed automatically. When a report is completed, the service sends a report notification to users in the access list, and publishes the report in each user's report history list.

After making report settings click Save. The scan report template appears on the report templates list with other templates.

    Map Report Templates

To create map report templates, go to your report templates list. Then go to New>Map Template. The New Map Template page appears in a pop-up window. (Click the Advanced button to see all options.)


    Policy Report Templates

When the Policy Compliance module is enabled for the subscription, you'll notice that you can also create policy report templates. Policy report template settings allow you to choose a grouping method for report details (by hosts or by controls), identify which status levels to include in the report (passed, failed or both), and which sections to display in the report. Note that a policy report template is not provided by the service by default.

To create policy report templates, go to your report templates list. Then go to New>Policy Template. The New Compliance Policy Template page appears in a pop-up window.


    Remediation

The Remediation section is where you manage remediation tickets for vulnerabilities detected by vulnerability scans. From here you can view ticket status and edit tickets to reassign them to different users, mark them as resolved or ignored, and add comments for tracking purposes. Using the New menu, you can add policy rules. Using the Search and View menus, you can customize the tickets list.

To view the Remediation section, select Remediation on the left menu. This is the starting point for viewing tickets and taking action on them. By default, only tickets modified within the last 30 days are displayed. A message appears across the top of the page to alert you to this. Use the search functionality to find all tickets with certain attributes, including tickets that were modified more than 30 days ago.

    Select View from the top menu and select (check) a quick filter to apply to the tickets list.

Figure callout: select a quick filter to view your own tickets or tickets with a particular state/status.


    Set Remediation Policies

Remediation policies identify rules used to create and update tickets based on the most recent scan results. Managers and Unit Managers may view, create and edit remediation policies in the subscription. To view remediation policies, select Remediation Policy on the left menu under Tools. From here you can manage policy rules. Rules are listed in priority order, where the first rule is applied to new scan results first. To add a new rule, go to New>Policy.

    Set Remediation Options

To set remediation options, go to Setup>Remediation. Transition options, which can be set by Managers, allow ticket state transitions by users and by the service. The transition options apply to the whole subscription. The timeframe option allows any user to configure the timeframe for which tickets are displayed in their tickets list. Only tickets modified within the selected timeframe will be displayed.
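The priority-ordered rules described under Set Remediation Policies and the user/service transition options under Set Remediation Options, modelled as an added example that is not QualysGuard code. The rule fields, the ticket states, the transition table and the scan results are constructed for illustration; the product's actual states and transition names may differ.

```python
"""Toy remediation-policy engine: ordered rules turn new scan results into
tickets, and a transition table says who may move a ticket between states.

Added example, not QualysGuard code. Ticket states, the TRANSITIONS table,
rule fields and all scan results below are constructed (assumptions).
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Finding:
    host: str
    qid: int
    severity: int
    asset_group: str


@dataclass
class Rule:
    title: str
    min_severity: int
    asset_groups: frozenset     # empty set = matches any asset group
    assignee: str

    def matches(self, f):
        return f.severity >= self.min_severity and (
            not self.asset_groups or f.asset_group in self.asset_groups)


@dataclass
class Ticket:
    finding: Finding
    owner: str
    rule: str
    state: str = "Open"
    history: list = field(default_factory=list)


# Who may move a ticket from one state to another. "service" is the scan
# engine acting on rescan results; "user" is a person editing the ticket.
TRANSITIONS = {
    ("Open", "Resolved"): {"user", "service"},   # fixed by hand, or no longer detected
    ("Open", "Ignored"):  {"user"},              # accepted risk; only a person may decide
    ("Ignored", "Open"):  {"user"},
    ("Resolved", "Open"): {"service"},           # regression: a rescan detects it again
}


def transition(ticket, new_state, actor):
    """Apply a state change if the table allows it for this actor."""
    if actor not in TRANSITIONS.get((ticket.state, new_state), set()):
        raise ValueError(f"{actor} may not move ticket {ticket.state} -> {new_state}")
    ticket.history.append((ticket.state, new_state, actor))
    ticket.state = new_state
    return ticket.state


def first_matching_rule(rules, finding):
    """Rules are evaluated in priority order; the first match wins."""
    for rule in rules:
        if rule.matches(finding):
            return rule
    return None


def process_scan(rules, tickets, findings, scanned_hosts):
    """Create or update tickets from one scan. `tickets` is keyed by (host, qid)."""
    seen = set()
    for f in findings:
        key = (f.host, f.qid)
        seen.add(key)
        ticket = tickets.get(key)
        if ticket is None:
            rule = first_matching_rule(rules, f)
            if rule is not None:                 # no matching rule: no ticket
                tickets[key] = Ticket(f, rule.assignee, rule.title)
        elif ticket.state == "Resolved":
            transition(ticket, "Open", "service")  # reopen on regression
        # Open and Ignored tickets are left alone by the service.
    for key, ticket in tickets.items():
        # Only hosts that were actually rescanned can have a ticket auto-resolved.
        if key[0] in scanned_hosts and key not in seen and ticket.state == "Open":
            transition(ticket, "Resolved", "service")
    return tickets


def run_demo():
    """Three scans plus one user action; returns {(host, qid): (owner, state)}."""
    rules = [
        Rule("Sev 5 on PCI hosts -> PCI team", 5, frozenset({"PCI"}), "pci-team"),
        Rule("Sev 4+ anywhere -> SecOps", 4, frozenset(), "secops"),
    ]
    tickets = {}
    scan1 = [
        Finding("10.0.0.5", 90001, 5, "PCI"),
        Finding("10.0.0.5", 90002, 4, "PCI"),    # sev 4: falls through to rule 2
        Finding("10.0.1.9", 90001, 5, "Corp"),   # sev 5 but not PCI: rule 2
        Finding("10.0.1.9", 90003, 3, "Corp"),   # below every threshold: no ticket
    ]
    process_scan(rules, tickets, scan1, {"10.0.0.5", "10.0.1.9"})
    # A user decides the Corp host's finding is an accepted risk.
    transition(tickets[("10.0.1.9", 90001)], "Ignored", "user")
    # Rescan of both hosts: QID 90001 is gone from 10.0.0.5, the rest unchanged.
    scan2 = [Finding("10.0.0.5", 90002, 4, "PCI"), Finding("10.0.1.9", 90001, 5, "Corp")]
    process_scan(rules, tickets, scan2, {"10.0.0.5", "10.0.1.9"})
    # Third scan covers only 10.0.0.5, where the fix has regressed.
    scan3 = [Finding("10.0.0.5", 90001, 5, "PCI"), Finding("10.0.0.5", 90002, 4, "PCI")]
    process_scan(rules, tickets, scan3, {"10.0.0.5"})
    return {key: (t.owner, t.state) for key, t in tickets.items()}


if __name__ == "__main__":
    for key, (owner, state) in sorted(run_demo().items()):
        print(key, owner, state)
```

Rule order matters: the PCI rule is listed first so that severity 5 findings on PCI hosts go to the PCI team, while a severity 5 on a non-PCI host falls through to the broader SecOps rule. The service resolves tickets only for hosts that were actually in the rescan, so a ticket on an unscanned host is never closed by omission, and an Ignored ticket is never reopened by the service because that decision was a person's.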

Figure callouts: options that allow ticket transitions; tickets modified within a timeframe will be displayed.


    Payment Card Industry (PCI) Compliance

QualysGuard PCI Compliance provides businesses, online merchants and Member Service Providers the easiest, most cost-effective and highly automated way to achieve compliance with the Payment Card Industry Data Security Standard (PCI DSS).

The PCI Compliance module is enabled for your subscription when the PCI icon appears in the top menu bar. All users are granted PCI permissions automatically based on their assigned user role. Managers have full rights for scanning and reporting on all IPs in the subscription.

    Workflows

A. Scan: Launch PCI scans to gather PCI compliance data from hosts. Download a version of the scan results to review CVSS v2 scores and PCI compliance status.

B. Schedule: Schedule PCI compliance scans to run in the future or on a recurring schedule.

C. Report: Run PCI network reports to review PCI compliance status and vulnerability details. Download the report in PDF format and submit it to your acquiring banks for validation.

D. Option Profiles: A predefined option profile called Payment Card Industry (PCI) Options must be applied to each PCI scan. This profile has scan settings designed to test compliance with the PCI DSS requirements.

E. KnowledgeBase: The KnowledgeBase includes the vulnerability checks performed for PCI scans (all vulnerabilities with the compliance type PCI).

    More Information

Refer to the QualysGuard online help to become familiar with the PCI module. Go to Help>Online Help and navigate to the Payment Card Industry (PCI) section.



    Policy Compliance (PC)

QualysGuard Policy Compliance (PC) gives customers the ability to audit host configurations and document compliance to internal and external auditors to meet corporate security policies, laws and regulations.

Policy Compliance provides a policy editor for creating and editing policies and assigning assets, automated compliance scanning, technical controls libraries based on CIS and NIST standards and mapped to frameworks and regulations (such as COBIT, ISO, ITIL, SOX, etc.), and automated exception and trend reporting.

The PC module is enabled for your subscription when the PC icon appears in the top menu bar. Managers are granted PC permissions automatically. Sub-account users (Readers, Scanners, Unit Managers) must be granted these permissions in their account settings.

    Workflows

A. Scan: Launch compliance scans to gather compliance data from hosts in asset groups.

B. Schedule: Schedule compliance scans to run in the future or on a recurring schedule.

C. Report: Run reports with multiple views to review compliance status with a particular policy by business unit, asset group or host. (Note that Report Share is enabled.)

D. Exceptions: Exception requests submitted by users. Each request is for hosts/controls in a certain policy. Managers and Auditors may approve exceptions. Unit Managers may approve exceptions when granted this permission.



E. Option Profiles: A compliance profile with user-defined scan settings must be applied to each compliance scan. A compliance profile must be defined by the user before launching a scan.

F. Policies: A policy is a written statement of a rule that is applied to operating systems and applications, referred to as technologies, in the network environment.

G. Controls: Technical controls based on CIS and NIST standards measure compliance against numerous frameworks and regulations such as COBIT, ISO, ITIL, FFIEC, NERC, etc.

    Auditor User Role

    The Auditor user role is specific to Policy Compliance for performing compliance managementtasks.

The first time an Auditor logs in they will see the Quick Start with links to setup options. On the left menu, options are provided for compliance reporting, managing exception requests, creating policy report templates, and managing policies.

    More Information

    If you would like to enable the Policy Compliance (PC) module for your subscription, pleasecontact Technical Support or your Account Manager.

Refer to the QualysGuard Policy Compliance Getting Started Guide to become familiar with the PC module. Go to Help>Resources on the top menu bar to download it.


    Web Application Scanning (WAS)

QualysGuard Web Application Scanning (WAS) provides customers with automated crawling and testing for custom web applications. The module identifies most web application vulnerabilities such as those in the OWASP Top 10 and the WASC Threat Classification, including SQL Injection and Cross-Site Scripting. Users manage the security of their web applications by launching scans and generating reports using the familiar QualysGuard UI.

The WAS module is enabled for your subscription when the WAS icon appears in the top menu bar. Managers are granted WAS permissions automatically. Sub-account users (Readers, Scanners, Unit Managers) must be granted these permissions in their account settings.

    Workflows

A. WAS Scan: Launch web application scans to analyze the security of your web applications and identify detected vulnerabilities, sensitive content, and information gathered.

B. Schedule: Schedule web application scans to run in the future or on a recurring schedule.

C. Report: Run reports with multiple views to review web application vulnerability status and verified solutions. Both scorecard reports and interactive reports for remediation and testing are provided.

D. Option Profiles: A web application profile with scan settings must be applied to each web application scan. A user may configure settings for crawling, sensitive content search, and vulnerability detection. A predefined profile called Initial WAS Options is provided by the service. This profile performs a crawl-only scan that does not test for vulnerabilities. To perform a vulnerability scan, you can rename this profile and un-check the Crawl only option to get started.

E. Web Applications: A web application is the target of a web application scan. It is defined by the location where crawling starts: virtual host (FQDN or IP address), port number, and starting URI (by default the web application root directory). User access is managed per web application by access rights: read (view), write (edit), and execute (launch a scan). Full rights are given to all Managers and to the web application owner; other users may be granted rights.

F. KnowledgeBase: The KnowledgeBase includes the vulnerability checks performed for web application scans (all vulnerabilities in the Web Application category).

    More Information

If you would like to enable the Web Application Scanning (WAS) module for your subscription, please contact Technical Support or your Account Manager.

Refer to the QualysGuard Web Application Scanning Getting Started Guide to become familiar with the WAS module. Go to Help>Resources on the top menu bar to download it.


    FDCC

Qualys is pleased to announce the newest member of the QualysGuard Security and Compliance Suite: QualysGuard FDCC. The QualysGuard FDCC module is the first certified cloud-based solution for Federal Desktop Core Configuration compliance. The solution is delivered as a service, making it easy and cost effective to implement on a global scale.

The FDCC module allows customers to audit host configurations and document compliance with the Federal Desktop Core Configuration, an OMB (U.S. Office of Management and Budget) mandate. FDCC requires federal agencies to standardize the configuration of computer systems to strengthen IT security.

The FDCC module supports these products and technologies: Windows XP, Windows XP Firewall, Windows Vista, Windows Vista Firewall, and Internet Explorer 7.

The FDCC module is enabled for your subscription when the FDCC Scan option appears on the left navigation menu. Managers are granted FDCC permissions automatically. Sub-account users (Readers, Scanners, Unit Managers) must be granted permissions in their account settings.

    Workflows

A. FDCC Scan: Launch FDCC scans to analyze the FDCC compliance status of hosts assigned to an FDCC policy. When launching or scheduling an FDCC scan, select a scanner appliance that has the FDCC scan option enabled and compliance hosts that are available in your account.



B. Schedule: Schedule FDCC scans to run at some time in the future or on a recurring schedule.

C. Report: Run reports with multiple views to identify FDCC compliance status. The FDCC Policy XML report is suitable for submission to overseeing agencies and organizations. Interactive reports support FDCC compliance testing per host and per rule.

D. Option Profiles: A compliance option profile with user-defined scan settings is applied to each FDCC scan. A compliance profile must be defined by the user before launching a scan. This list includes the option profiles in your account for all your QualysGuard scans.

E. Scanner Appliances: FDCC scanning is supported using scanner appliances that have the FDCC option enabled. The FDCC option can be enabled on a scanner appliance when it is running Scanner Appliance software version 2.4 or later. To enable the FDCC option, edit any scanner appliance in your account. When FDCC is enabled on a scanner appliance, standard scanning is also enabled, so the appliance can be used for FDCC scanning, vulnerability scanning, compliance scanning (when the compliance module is enabled), and web application scanning (when the WAS module is enabled).

F. Policies: An FDCC policy is applied to each FDCC scan. Each policy consists of FDCC content files for one FDCC policy version, one FDCC benchmark, and one technology. This list includes all policies available in your account. The service provides a library of FDCC policies, and users may upload custom FDCC policies.

    More Information

If you would like to enable the FDCC module for your subscription, please contact Technical Support or your Account Manager.

Refer to the QualysGuard FDCC Module Getting Started Guide to become familiar with the FDCC module. Go to Help>Resources on the top menu bar to download it.

    Contact Support

Qualys is committed to providing you with the most thorough support. Through online documentation, telephone help, and direct email support, Qualys ensures that your questions will be answered in the fastest time possible. We support you 7 days a week, 24 hours a day. Access online support information at http://www.qualys.com/support/.