First-Party Risk Management: Custom Vulnerabilities (QIDs)

Organizations rely on in-house software to run their business, but securing these first-party applications is a challenge for security teams due to the constantly changing attack surface.

You can identify potential risks in first-party and open-source software using the VM/VMDR and Custom Assessment and Remediation (CAR) applications. You can define custom vulnerabilities by creating your own detection and remediation scripts in Qualys VM/VMDR, and get a comprehensive overview of all vulnerabilities in your environment. In VM/VMDR, the scripts can be written in commonly used languages such as PowerShell and Python. Vulnerabilities are detected based on the logic defined in the scripts.

In the KnowledgeBase, you can access information about custom QIDs. You create custom QIDs using CAR scripts. A custom QID lets you customize vulnerabilities: you can define various aspects of the vulnerability, such as the vulnerability type, severity level, and QID type.


For details on how to create Custom QIDs, refer to the Custom Assessment and Remediation Online help.


Search the Custom QIDs

Follow these steps to search for custom QIDs.

1) Go to VM/VMDR > KnowledgeBase tab > KnowledgeBase and click Search.

2) In the Search window, select Custom QID from the Category, and click Search.

Your custom QIDs are displayed in the list in the KnowledgeBase.

You can view or edit the custom QID from the Quick Actions menu.

To view the details of the custom QID, click Info from the Quick Actions menu.

To edit the details of the custom QID, click Edit from the Quick Actions menu.

To learn more about creating and editing custom QIDs, refer to the online help of Custom Assessment and Remediation.

You can create a dynamic or static search list to find custom QIDs.

Good to Know

Configure Dynamic Search Lists

Static Vulnerability Search List

How to use Search Lists

Import Search Lists from the Library

Dynamic Lists vs. Static Lists

Download the Search Lists