Automated Debug Scan for PC Internal Scanner

The debug scan gives users logging that is verbose enough to identify issues that occurred during the standard scanning process. This scan affects the target like any standard scan, with additional logs for troubleshooting purposes.

Enabling users to perform Automated Debug Scans removes the dependency on the Qualys Customer Support team to change the operational mode of the scanner to Debug. Users can launch the Debug Scan from the Scan Launch Screen with only one IP Address. The scanner is then automatically set to Debug Mode, and after the scan completes it automatically reverts to the Standard operation mode, so users can continue with the traditional scanning activity planned during that time.

Note: Debug Scans can run for a longer duration based on the QIDs configured in the Compliance Profile and the selection of the Scanner Debug Modes. This may impact any on-demand or scheduled scans that are planned while the debug scans are in progress.

Enable Debug Scan

The Debug Scan feature needs to be enabled for your subscription. Contact your Technical Account Manager or Qualys Support.

Perform the following steps for the debug scan:

  1. Enable debug scan
  2. Launch a debug scan
  3. Post Completion of Debug Scans

Enable Debug Scan 

Once the Debug Scan feature is available in your subscription, enable and save the settings.

  1. Launch the Debug Scan by going to Scans > Setup > Debug Scan.

  2. Select Enable Debug Scan.
     
  3. Click Save.


After activation, the Debug Scan option is available in the Scan Launch UI. The scan can be initiated only by the Manager User. 

Launch Debug Scan

  1. Go to Policy Compliance > Scans > PC Scans > New > Debug Scan

  2. Provide General Information

    In the Launch Debug Scan window, the first section you see is the General Information section. You can add a Title, Compliance Profile, Network, and much more. Each option is described below.



    Title - Give your scan a title to easily identify it later. 

    Compliance Profile - Select a compliance profile for the scan job. The compliance profile has scan settings like which ports to scan, which QIDs to scan, and whether to use authentication. The option profile designated as default profile for the subscription is recommended. You can use the default or pick another option profile from the list. 
     

    Note: Limit the Option Profile to the set of QIDs required for the troubleshooting activity. Running a debug scan with complete vulnerability detection is not recommended.

     

    Network - (Visible only when the Network Support feature is enabled for your subscription.) Select the network you want to scan. The Global Default Network is selected by default but you can choose a user-created network from the list. 

    Scanner Appliance - Qualys recommends that customers initiate Debug Scans while the scanner is fully available, to ensure that there is no overlap with scheduled or on-demand scans. After completing the Debug Scans, the Scanner Appliance automatically reverts to normal. 
     


    Scanner Debug Modes - You can run debug scans in different debug modes, depending on the logging level required for the issue being investigated. There are 3 debug modes available:

    - Default - This is the lowest logging level in the case of debug scans. It can be run for issues such as Host Not Alive, Scan Discontinued, and Insufficient Privileges issues.

    - Standard - This is the middle logging level for debug scans. The scanner logs more events as compared to the default debug level. This is generally used for Web application scanning-related issues.

    - Advanced - This is the highest level of debug scan that can be run from the UI. This can be run for issues such as authentication and OS fingerprinting issues. 

  3. Choose a Target Host

    In the Launch Debug Scan window, the second section you see is the Choose a Target Host section. You can specify the IP address, IPv6 address, and FQDN(s). Each option is described below.

     

    IP Address - Enter the IP address for which you need to run the debug scan.

    IPv6 Address - Enter the IPv6 address/range you want to scan. 

    Note: You can scan one IP address at a time.

    FQDN(s) - (Visible only when the DNS Tracking feature is enabled for your subscription.) When this feature is enabled, you can see the FQDNs input field where you can enter a comma-separated list of Fully Qualified Domain Names to scan (e.g., www.abc.com, www.xyz.com). Enter up to 4000 characters. Each FQDN must resolve to an IP address in your VM account to successfully scan it and view the results. The Scan Results report shows the FQDN information in the Report Summary section.

    To enable this feature, the Manager Primary Contact user must navigate to Scans > Setup > DNS Tracking and select the Enable DNS Tracking for hosts checkbox.

  4. Enable Scan Notification Email

    (Optional) Select Send notification when this scan is finished if you require an email notification with a custom message to be sent to you and others when this scan is finished.

     

    From - Select the email address that should appear in the From line of the email. You can choose the Support email or your own.

    Email To - Tell us who to notify when this scan is finished. You can do this by selecting distribution groups. Click Add Group. Then, in the window that appears, select a group in the list to see details about the group, and click Add to list to add the group to the notification.

    Subject Line - Enter text that appears in the Subject line of the email. 

    Custom Message - Enter a custom message that appears in the body of the email. 

  5. Click the Launch button

    Once you have provided all the scan information, you're ready to launch the scan. Click Launch and your debug scan will be launched.   


Note: While the Debug Scan is running, you cannot pause, resume, or relaunch the scans.
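
A pre-flight check for the Choose a Target Host fields described above, as an added example (not Qualys code and not a Qualys API). It applies the one-IP-at-a-time note to both address fields as an assumption; the function name, its parameters, the caller-supplied DNS map and account IP set, and the sample addresses are all constructed for illustration.

```python
import ipaddress

MAX_FQDN_FIELD_CHARS = 4000  # limit this page states for the FQDN(s) field

def preflight_target(ip="", ipv6="", fqdns="", resolved=None, account_ips=()):
    """Return a list of problems with a planned debug-scan target ([] = OK).

    resolved    -- assumed {fqdn: ip} map from your own DNS lookups
    account_ips -- assumed set of IPs present in your account
    """
    problems = []
    resolved = resolved or {}
    if not (ip.strip() or ipv6.strip() or fqdns.strip()):
        return ["no target given"]
    # Address fields: exactly one address each, no ranges or lists.
    for label, value, version in (("IP Address", ip, 4), ("IPv6 Address", ipv6, 6)):
        value = value.strip()
        if not value:
            continue
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            problems.append(f"{label}: {value!r} is not a single address")
            continue
        if addr.version != version:
            problems.append(f"{label}: {value!r} is not IPv{version}")
    # FQDN(s) field: comma-separated, length-limited, each name must resolve
    # to an IP that is in the account.
    if len(fqdns) > MAX_FQDN_FIELD_CHARS:
        problems.append(f"FQDN(s): {len(fqdns)} characters, limit is {MAX_FQDN_FIELD_CHARS}")
    for name in (n.strip().lower() for n in fqdns.split(",")):
        if not name:
            continue
        target = resolved.get(name)
        if target is None:
            problems.append(f"FQDN(s): {name} does not resolve")
        elif target not in account_ips:
            problems.append(f"FQDN(s): {name} resolves to {target}, not in account")
    return problems

# Constructed sample data (documentation address ranges, not real hosts).
SAMPLE_DNS = {"www.abc.com": "192.0.2.10", "www.xyz.com": "198.51.100.7"}
SAMPLE_ACCOUNT_IPS = {"192.0.2.10"}

if __name__ == "__main__":
    for issue in preflight_target(ip="192.0.2.10-192.0.2.20",
                                  fqdns="www.abc.com, www.xyz.com",
                                  resolved=SAMPLE_DNS, account_ips=SAMPLE_ACCOUNT_IPS):
        print(issue)
```

Because a running debug scan cannot be paused or relaunched and can delay other scans on the same appliance, catching a malformed target before launch avoids spending that window on a scan that cannot succeed.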

Post Completion of Debug Scans

After completing the Debug Scans, the Scanner Appliance automatically reverts to normal.  

Users must manually download the Scan Results in PDF format (for the Debug Scans) and then share them with the Qualys Support team at support@qualys.com. Qualys Support uses backend tooling and reference numbers from the Scan PDF to retrieve, decompress, and de-obfuscate the debug log file, which could potentially contain sensitive information.