Snapshot-Based Scan Logs

Snapshot-Based Scan Logs provide centralized visibility into all scans performed using snapshot-based methods. This feature helps you track scan history, monitor execution status, and quickly filter scan records across accounts, regions, resource types, and scan types.

Overview

Snapshot-based scan logs maintain a detailed, chronological record of scans triggered on cloud assets using snapshots. Each log entry captures key metadata, including the scanned resource, scan type, trigger method, execution time, and current status.

This helps you:

  • Monitor scan execution and completion
  • Troubleshoot pending or failed scans
  • Audit historical snapshot-based scan activity
  • Filter and locate specific scan records efficiently

Supported Scan Types

The following snapshot-based scans are supported:

  • OS Scan – Identifies operating system vulnerabilities and misconfigurations
  • SwCA (Software Composition Analysis) – Detects vulnerable third-party packages and libraries

  • Secret Scan – Identifies hardcoded secrets and sensitive information

Prerequisites

Before using Snapshot-Based Scan Logs, ensure the following:

  • CloudFormation Service Template (CFT-S) version 10 or above is deployed in the AWS account

Accessing Snapshot-Based Scan Logs

To view snapshot-based scan logs:

  1. Navigate to Configure

  2. Select Snapshot Scan Logs

This opens a centralized log view displaying all snapshot-based scan records.


Snapshot Scan Logs Page Overview

The Snapshot Scan Logs page provides a tabular view of all snapshot-based scan activities.

Summary Section

  • Total Resources – Displays the total number of resources with snapshot-based scan records

  • Search Bar – Allows keyword-based search across log entries

Quick Filters

Use Quick Filters on the left panel to narrow down results:

  • Status

    • Pending

    • Scan Completed

  • Scan Type

    • OS

    • SwCA

    • Secret

  • Trigger Type

    • Scheduled

  • Resource Type

    • Instance

    • Image

Log Details and Columns

Each row in the Snapshot Scan Logs table represents a single scan record and includes the following details:

  • Resource ID – Unique identifier of the scanned resource

  • Resource Name – User-defined or cloud-provider name of the resource

  • Resource Type – Type of asset (Instance or Image)

  • Region – Cloud region where the resource is located

  • Account ID – Cloud account associated with the resource

  • Scan Type – Type of scan performed (OS, SwCA, or Secret)

  • Trigger Type – How the scan was initiated (Scheduled)

  • Scan Time – Time elapsed since the scan was triggered

  • Status – Current scan status (Pending or Success)

  • Status Message – Additional context or system messages, if available

Search and Filtering

To efficiently locate scan records, you can:

  • Use the search bar for keyword-based filtering

  • Apply Quick Filters to refine results by status, scan type, trigger type, or resource type

  • Combine search tokens for more granular filtering