Organizations rely on in-house software to run their business, but securing these first-party applications is a challenge for security teams due to the constantly changing attack surface.
You can identify potential risks in first-party and open-source software using VM/VMDR and CAR applications. You can define custom vulnerabilities by creating your own detection and remediation scripts in Qualys VM/VMDR and get a comprehensive overview of all vulnerabilities in your environment. The scripts can be created using commonly used languages such as PowerShell and Python in VM/VMDR. Vulnerabilities are detected based on the logic defined in scripts.
In the KnowledgeBase, you can access information regarding custom QIDs. You can create Custom QIDs using CAR scripts. Custom QID allows you to customize vulnerabilities. You can define various aspects related to vulnerability such as vulnerability type, severity level, QID type.
For details on how to create Custom QIDs, refer to the Custom Assessment and Remediation Online help.
To use this feature, the account must be Vulnerability Management Scan Processing (VMSP) enabled. Contact Qualys support for more information.
To support this feature, you must have Qualys CAR application with version 1.8.0.0 or later.
Follow these steps to search for custom QIDs.
1) Go to VM/VMDR > KnowledgeBase tab > KnowledgeBase and click Search.
2) In the Search window, select Custom QID from the Category, and click Search.
Your Custom QIDs is displayed in the list in KnowledgeBase.
You can view or edit the custom QID from the Quick Actions menu.
To view the details of the custom QID, click Info from the Quick Actions menu.
To edit the details of the custom QID, click Edit from the Quick Actions menu.
To learn more about creating and editing custom QIDs, refer to the online help of Custom Assessment and Remediation.
You can create a dynamic or static search list to find custom QIDs.
Configure Dynamic Search Lists
Static Vulnerability Search List
Import Search Lists from the Library
Dynamic Lists vs. Static Lists