The Complete Qualys Vulnerability Management Training

Cyber Technical knowledge

Vulnerability Management Training covers setting up accounts, using Qualys Knowledge Base, assessing vulnerabilities, managing assets, and creating reports with a focus on severity levels. Practical exercises provide hands-on experience, emphasizing the importance of addressing severity 3, 4, and 5 vulnerabilities while not overlooking collective risk from numerous lower severity vulnerabilities.

Insights

  • Qualys Vulnerability Management training requires a lab document and a student trial account for successful completion.
  • Vulnerability assessment involves using Qualys vulnerability scans or installing the Qualys Cloud Agent for data collection.
  • Organizations prioritize addressing severity 3, 4, and 5 vulnerabilities first.
  • Qualys Knowledge Base provides current and comprehensive vulnerability information, linking to CVE websites, software vendors, and Bugtraq data.


Recent questions

  • What is the focus of Qualys Vulnerability Management training?

    The focus is on setting up accounts and utilizing the Qualys Knowledge Base to understand vulnerabilities.

  • How does Qualys Threat Protection aid in vulnerability identification?

    Qualys Threat Protection provides real-time threat indicators to identify vulnerabilities targeted by known threats.

  • What is the primary emphasis in vulnerability assessment with Qualys?

    The primary emphasis is on using Qualys vulnerability scans or installing the Qualys Cloud Agent for data collection.

  • How are assets managed in the Qualys cloud platform?

    Assets are managed through assets and inventory management, allowing viewing and managing host assets.

  • What is the significance of addressing severity 3, 4, and 5 vulnerabilities?

    Organizations prioritize addressing these vulnerabilities first to ensure effective vulnerability management.


Summary

00:00

"Qualys Vulnerability Management Training Overview"

  • Qualys Vulnerability Management training requires a lab document and a student trial account for successful completion.
  • The course provides an overview of the Qualys cloud platform and the Qualys Vulnerability Management application.
  • Focus is placed on setting up the account for lab exercises and utilizing the Qualys Knowledge Base to understand vulnerability QIDs.
  • Vulnerability assessment involves using Qualys vulnerability scans or installing the Qualys Cloud Agent for data collection.
  • Assets and inventory management in the Qualys cloud platform allows viewing and managing host assets.
  • Real-time threat indicators from Qualys Threat Protection help identify vulnerabilities targeted by known threats.
  • Reporting focuses on building vulnerability and patch reports to share with operational and patch teams.
  • User management discusses creating and managing user accounts with various roles within the Qualys subscription.
  • Remediation capabilities within the Qualys Vulnerability Management application aid in prioritizing and resolving vulnerabilities.
  • Lab exercises throughout the course provide hands-on experience with the vulnerability management application and other Qualys cloud platform applications.

19:46

Prioritize Severity 3-5 Vulnerabilities for Security

  • Organizations prioritize addressing severity 3, 4, and 5 vulnerabilities first.
  • Collective risk from numerous low severity vulnerabilities should not be ignored.
  • Column options allow viewing different types of CVSS scores.
  • The Common Vulnerability Scoring System (CVSS) is the standard used by the Payment Card Industry Data Security Standard (PCI DSS).
  • Qualys Knowledge Base provides current and comprehensive vulnerability information.
  • Links in Qualys Knowledge Base connect to the Common Vulnerabilities and Exposures website, software vendor websites, and Bugtraq data.
  • The published date of a QID in Qualys Knowledge Base indicates when it was added, with modifications reflected in the modified date.
  • Qualys Knowledge Base offers over 30 search options for locating specific QIDs or vulnerabilities.
  • The search tool allows searching using CVE IDs, CVSS scores, Bugtraq IDs, and published or modified dates.
  • Qualys Cloud Agent and scanners are recommended for vulnerability assessments, with the option to combine both for comprehensive scans.

39:19

"Managing Host Assets and Scans in Qualys"

  • Host assets in a subscription must be added before scanning; assets can be grouped into asset groups for targeting.
  • Asset tags provide a dynamic and automated way to manage host assets in a subscription.
  • Scans can target asset groups or asset tags created by the user.
  • Vulnerability assessment scans require selecting an option profile with scan preferences.
  • Before launching a scan, verify host assets in the subscription under the host assets tab.
  • Qualys agent deployment on host assets is visible under the host assets tab.
  • Use the scans tab to launch a scan, selecting the scan option for a manual scan.
  • Scan components include the option profile, scanner appliance, and host assets.
  • Custom authentication profiles can be created for authenticated scans in the option profile.
  • Different scanner appliance options are available, including external scanners and virtual scanners.
  • Scheduled scans can be set to run daily, weekly, or monthly with notifications and scheduling options.
  • Qualys Cloud Agent collects assessment data at regular intervals, with a default interval of every 4 hours.
  • Vulnerability management and asset view applications allow for managing and organizing host assets in a Qualys subscription.
  • The vulnerability management application provides details on host assets, applications, services, operating systems, and certificates.
  • Asset search in the vulnerability management application allows for custom queries against host asset inventory.
  • Asset groups in the vulnerability management application help in organizing host assets based on various criteria.
  • Qualys Asset View provides tools for managing asset inventory, viewing host assets, and creating asset groups.
  • Asset View assets tab displays host assets from the VM subscription and other Qualys applications.

58:55

"Asset View and Tagging for Qualys Applications"

  • Asset view displays asset name and associated operating system
  • Asset view serves as a central repository for multiple Qualys applications
  • Each asset in Asset view has licensed application modules listed
  • Tags column in Asset view identifies asset's associated tags
  • Cloud agent host assets are automatically labeled with a cloud agent tag
  • Additional asset information can be viewed by selecting "view asset details"
  • Asset details may include open ports, installed software, vulnerability findings, threats, compliance findings, file integrity events, indications of compromise, and alerts
  • File Integrity Monitoring and Indication of Compromise details are exclusive to Cloud agent applications
  • Search field allows querying entire asset inventory
  • Help icon provides guidance on searching techniques
  • Asset tags allow grouping and labeling assets
  • Asset tags can be used as scanning or reporting targets
  • Asset tags can dynamically change based on host system changes
  • Asset tags can be nested in hierarchies for better organization
  • Asset tags can be used to assign scanning or reporting scopes
  • Asset tags can be created using static or dynamic rule engines
  • Asset groups can be used as scanning and reporting targets
  • Asset groups can assign host access privileges to Qualys users
  • Asset groups can be created based on IP addresses, DNS names, or NetBIOS names
  • Asset groups can be used to launch scans and create reports
  • Asset groups can be used to delegate mapping responsibilities
  • Asset groups can be labeled based on business impact
  • Asset groups can be used to assign access privileges to users
  • Scan by host name feature allows scanning by DNS or NetBIOS names
  • Asset tags can be used to manage host assets dynamically
  • Asset tagging must be enabled in the account settings
  • Asset tags can be static or dynamic
  • Asset tags can be organized into hierarchies for better organization
  • Asset tags can be created with specific rule engines for dynamic assignment
  • Asset tags can be used to identify host assets running specific software applications
  • Asset tags can automatically update based on host asset changes.

01:18:50

Asset Search Engine and Tag Creation Features

  • The asset search engine allows for the discovery of the asset's IP address, open ports, host operating system, installed software, and vulnerabilities.
  • Tags created using the asset search engine pertain to assets hosted by cloud providers like Amazon, Microsoft, or Google.
  • To create tags for assets running MySQL, a simple regular expression matching all versions of MySQL can be entered, with the option to ignore case.
  • The testing tool allows for the application and testing of rules against the current asset inventory, displaying check marks for matching data and X for non-matching data.
  • By selecting the option to reevaluate the rule against the current asset inventory, a dynamic tag is created for host assets running MySQL.
  • Asset tags can be used as scanning targets by selecting one or more tags and using operators like any or all to target specific host assets.
  • Asset view connectors collect asset inventory data from cloud providers like Amazon, Microsoft, and Google, providing additional asset inventory data.
  • Connectors can be configured to automatically add cloud assets to the subscription and assign unique tags to cloud-based assets.
  • Different report types in the Qualys vulnerability management application include scan reports, scorecard reports, patch reports, authentication reports, and remediation reports.
  • Report templates allow for the customization of report display and filtering options, catering to different target audiences within an organization, with options for scan-based or host-based findings and trending over a specified period.
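
The dynamic MySQL tag and the any/all tag targeting described above, as an added example that is not from the video and is not Qualys code or the Qualys API: a small Python model of how a regex rule is re-evaluated against an inventory and how a tag selection resolves to scan targets. The host names, software strings, the `mysql` pattern and the function names are all constructed for illustration.

```python
import re

def build_inventory():
    """Constructed sample inventory (hypothetical hosts, not Qualys data)."""
    return [
        {"name": "db01", "software": ["MySQL Server 5.7.33", "OpenSSH 8.2"], "tags": {"Cloud Agent"}},
        {"name": "db02", "software": ["mysql-community-server 8.0.28"], "tags": set()},
        {"name": "web01", "software": ["nginx 1.18.0", "PostgreSQL 13.4"], "tags": {"Cloud Agent"}},
        {"name": "app01", "software": ["OpenJDK 11.0.12"], "tags": set()},
    ]

def evaluate_rule(inventory, tag, pattern, ignore_case=True):
    """Re-evaluate a dynamic tag rule against every asset.

    The tag is added where any installed-software string matches and removed
    where none does, so the tag follows changes on the host. Returns
    {asset name: matched}, the equivalent of the check mark / X in a rule test.
    """
    rx = re.compile(pattern, re.IGNORECASE if ignore_case else 0)
    results = {}
    for asset in inventory:
        matched = any(rx.search(item) for item in asset["software"])
        if matched:
            asset["tags"].add(tag)
        else:
            asset["tags"].discard(tag)
        results[asset["name"]] = matched
    return results

def select_targets(inventory, tags, operator="any"):
    """Resolve a tag-based scan target: 'any' is a union, 'all' an intersection."""
    wanted = set(tags)
    if not wanted:
        return []  # an empty selection must not silently target every host
    if operator == "any":
        return [a["name"] for a in inventory if a["tags"] & wanted]
    if operator == "all":
        return [a["name"] for a in inventory if wanted <= a["tags"]]
    raise ValueError(f"unknown operator: {operator!r}")

if __name__ == "__main__":
    inv = build_inventory()
    print(evaluate_rule(inv, "MySQL", r"mysql"))
    print(select_targets(inv, ["MySQL", "Cloud Agent"], "any"))
    print(select_targets(inv, ["MySQL", "Cloud Agent"], "all"))
    inv[1]["software"] = ["MariaDB 10.6.5"]   # MySQL removed from db02
    evaluate_rule(inv, "MySQL", r"mysql")
    print(select_targets(inv, ["MySQL"]))     # db02 has lost the tag
```

With `ignore_case=False` the same pattern misses "MySQL Server" on db01, so that host would fall out of any scan scoped to the tag; testing a rule against the inventory before saving it is what catches that kind of coverage gap.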

01:38:24

"Enhancing Vulnerability Reports with Qualys Template"

  • A typical report includes solutions to vulnerabilities and results to help operational teams identify specific vulnerability findings.
  • The template created targets the San Jose asset group and includes details like vulnerability solutions and results.
  • Filter options in a scan report template allow for the selection of detected vulnerabilities for each host or a custom list.
  • Adding a search list to a report template enables vulnerability scans targeting specific groups or types of vulnerabilities.
  • Filtering options on vulnerability status like new, active, reopened, and fixed help create reports focusing on new vulnerabilities.
  • The State filter helps identify vulnerabilities disabled or ignored in the Qualys Knowledge Base.
  • Services and ports options verify host assets running required services and not running unauthorized services.
  • User access settings specify Qualys users granted permission to access reports generated by the template.
  • The test button in report template configuration helps test selected options for experimentation.
  • Real-time threat indicators in the Qualys Threat Protection application enhance risk calculation by including known threats, aiding in prioritizing and mitigating high-risk vulnerabilities quickly.

01:59:24

Essential Components and Steps in Network Mapping

  • Mapping is a crucial part of the vulnerability management life cycle, focusing on understanding the hosts in a network without conducting vulnerability assessments.
  • Three key components are necessary for running a map: Targets (domain or IP range), scanner appliance, and option profile defining how the map will run.
  • Qualys aims to provide visibility on network exposure by emulating non-intrusive attacker activities during mapping.
  • The mapping process involves steps like performing a whois lookup, reverse lookup, zone transfer, naming brute force, traceroute, live host sweep, and OS fingerprint.
  • To run a map in Qualys, targets need to be defined in the assets section, either by domain or IP address, and asset groups can be utilized for organized selections of assets.
  • Option profiles in Qualys determine the configuration settings for a map, including basic information gathering, live host sweep, performance settings, and packet options.
  • Map results in Qualys display information on mapped domains, found hosts, scanner appliance used, and the configured option profile, with symbols like A (approved), S (scannable), L (live), and N (net block) indicating different statuses of hosts.