In Qualys, vulnerabilities are defined by QIDs, so what we want to do is perform a scan targeting the specific QIDs associated with the vulnerabilities of choice. The scan should be an authenticated scan, as you will likely not get usable results with unauthenticated scanning.
The key to our quest to scan for specific vulnerabilities with Qualys is “Search lists”, found in the Knowledgebase tab in VMDR module. The search list is the way to specify lists of QIDs, and that has many uses.
In this example, we are looking for Spring4Shell, so we start by identifying the QID(s) we want to include in our results. We do that by searching the Knowledgebase:
Now we know that we are targeting QID 376514 in our scan for specific vulnerabilities with Qualys, the next step is to create a Search list and include QID 376514.
Now we have our search list, we need to associate that search list with the scan we are going to run – enter the Option profile. The option profile tells Qualys exactly how you want your scan to be performed, and includes a setting for setting the scope to specific search lists.
So, we are going to create a new option profile and specify our search list here:
Make sure to include “Basic host information checks” and authentication.
All we have to do now is to initiate a scan using our new option profile:
Now, Qualys have performed a scan for just the QIDs we defined in the Search list. How do we see the output?
You can either:
If you’re a seasoned Qualys admin, what you probably want to do is to ensure that you have agents deployed to all assets that supports an agent, and then create a dashboard that automatically updates, shows trends etc.