When are new QIDs created?
The Qualys Vulnerability and Threat Research team investigates CVEs and will publish a detection (QID) when feasible. You can review the Vulnerability Detection Pipeline for upcoming and new QIDs. You can search the pipeline by CVE and filter by detection status.
For Linux related CVEs, such as for SUSE, RedHat and CentOS, we use an automated approach to add QID detections for CVEs only after the vendor publishes an advisory for the CVE. If the vendor does not release an advisory for the CVE, then we will not create the QID until the vendor advisory is available. These QIDs require package based detections and we need vendor confirmation for package names and patched versions.
When does a new QID reflect in the Vulnerability Management (VM) application?
Once a new QID is published by the Qualys Vulnerability and Threat Research team, it takes around 4 to 8 hours for the new QID to reflect in the VM application.
In which scenarios do we mark the status of a QID as fixed?
When a QID is marked as active and in the next scan, access to the relevant registry entry is either unavailable or blocked, the QID is marked as fixed. However, it is marked as reopened in a subsequent scan only if the access or blocking issue is resolved.
There can be multiple reasons for this behavior, such as insufficient privileges to access registry, firewall blocking ports during scans (either at a network or host firewall) registry privileges, and authentication pass. These factors may prevent Qualys from detecting the vulnerability accurately.
To identify if blocking issues occurred during a scan, review the IG QIDs such as 34011 (firewall detected), 42432 (possible scan interference), or 90195 (Windows registry key access denied).