Tell me about Authentication Reports

Launch the Authentication Report to see the authentication status for your scanned hosts: Passed, Failed, Passed with insufficient privileges or Not Attempted. If authentication fails, use details in the report to troubleshoot the issue before your next scan.

Run your report from VM

Run your report from PA

Run your report from SCA

New Authentication Report option when running reports in VM

New Authentication Report option when running reports from PC

New Authentication Report option when running reports from SCA

When you send multiple authentication records for a scanner to scan a particular host, the authentication report displays only the record from the most recent attempt.

What's in my report

Authentication Status Levels

Passed
Authentication to the host was successful.

Failed
Authentication to the host was not successful. Refer to the Cause column for additional information. The credentials used in the authentication attempt appear so that you can troubleshoot the issue.

Passed* 
(Applies only to ) Authentication to the host was successful but the login account had insufficient privileges. Make sure the user account provided in the authentication record meets the minimum account requirements. Learn more about insufficient privileges

Not Attempted
authentication to the host was not used. Perhaps you've never scanned the host using authentication or you did but the host scan data was purged.

Summary Section of the Report

For each IP, business unit, asset group or asset tag included in the report, you can view the total number of hosts at each authentication status level. For example, if your report shows "4 of 6 66% Successful" for a particular asset group, then 6 hosts in the asset group were successfully scanned. Out of the 6 hosts scanned, the scanning engine was able to authenticate to 4 hosts. This means that the scanning engine authenticated to 66% of the scanned hosts for the group.

Troubleshoot a Failed Authentication Attempt

Check out the Cause column to get the login ID used during the authentication attempt. Review your authentication record for the host/type and the account privileges to troubleshoot the issue.

Troubleshoot error, "At least one IP in the given asset groups should be in the license."

Ensure that the IP address is added to the license container. The authentication report cannot be generated on DNS that are part of the asset group. At least one IP address must be included in the asset group. To generate the authentication report, include at least one IP address or asset group having at least one IP address.

Host Technology

When you run this report from the PA application, you can view the host technology associated with each host instance - this is the technology the host’s operating system is mapped to.

Host Instance

If the scan information applies to a technology version on the host, like an Oracle version, instance information appears in this format: Port <number>, SID <value>. For example: Port 1521, SID ora010203p.

Last Auth and Last Success Dates

you can view these dates in your report when Additional Host Info was selected at run time.

Last Auth
The last time each host was scanned using authentication - this is when the status was last updated to Passed or Failed.

Last Success
The last time authentication was successful for each host. N/A indicates that the host has been scanned with authentication enabled but it has not been successful.

Host ID

If you select theHost ID checkbox on the Report Details page, you see this column in the report. This column contains the host ID for each host in the report.

All Asset Tags

If you select the All Asset Tags checkbox on the Report Details page, you see this column in the report. In this column, you see all the tags associated with each asset. These tags include the ones you explicitly specify in the report source and also the ones that are not within the scope of your report but are associated with the assets included in the report.

You can view the list of all asset tags associated with each host in this column in CSV and PDF format. In the PDF format, you can view the asset tags up to 255 characters in All Asset Tags column. If the list exceeds this limit, it is represented with an ellipsis (three dots) to indicate the presence of tags beyond 255 characters.

This is applicable to both PA and VM authentication reports.

OS Authentication based Instance Technologies

You can collect technology data by using the underlying OS technology instance without creating authentication records.

When running your report, select the "OS Authentication-based Technology" option under the Appendix section to display all OS authentication-based instance technologies per host in your report.

See OS authentication-based instance technologies

Authentication Records

When you run this report from the PA application, you can see the Authentication Record column in the report. In this column, you can view the authentication record title used for the scan.

Note: The Authentication Record is applicable to all formats, such as PDF(Portable Document Format), XML (Extensible Markup Language), CSV(Comma-Separated Values), HTML (Hypertext Markup Language), and MHT. 

Authentication Scheme

When you run this report from the PA application, you cansee the Authentication Scheme column in the report. In this column, you can view the authentication scheme type like basic, vault, Private key/ certificate, or vcenter used for authentication reports of all types of formats.

The Authentication Record is applicable to all formats, such as PDF(Portable Document Format), XML (Extensible Markup Language), CSV(Comma-Separated Values), HTML (Hypertext Markup Language), and MHT.

Host Authentication Record should not be updated by Cloud Agent Scans (Qualys Asset Merge)

For vulnerability detection, it is recommended to use multiple sensors, such as Remote Vulnerability Scans (scheduled weekly, fortnightly, or monthly) and Cloud Agents, to report vulnerabilities in real-time.
 
Previously, the Authentication Status updated based on data from the Cloud Agent scans for assets scanned using both, remote scans and Cloud Agent scans, which is not the expected behavior.
To address this, an update is released that allows the authentication record for hosts/assets to be updated by remote scans (based on the most recent scan and authentication). This change applies to assets undergoing Remote Scans and Cloud Agent scans (asset merge scenarios).

  • The Authentication Status or Last Authentication Status will not be updated for subscriptions that do not use Qualys Asset Merge or for assets scanned only by Cloud Agents.
  • For assets scanned by Cloud Agents before the update, the Authentication Status or Last Authentication Status and the Last Authentication Date will continue to reflect data from scans conducted prior to the update and will not be updated further.

Reference Links

Agent Scan Merge
Asset Tracking and Data Merging
Prerequisites to Merge IP Scan Data with Cloud Agent Scan Data for a Unified View
Agent Scan Merge Cases

© Qualys, Inc. All rights reserved. Privacy Policy.