Your Qualys Top 20 Report

Why should I run this report?

Tell me about the compliance status

How do I run it?

Perform remediation actions

Where do I see the QIDs included in the report?


Why should I run the Qualys Top 20 report?

You run this report to identify the Qualys Top 20 vulnerabilities on your network - including the 10 most prevalent internal vulnerabilities (detected on private IPs) and the 10 most prevalent external vulnerabilities (detected on public IPs). The Qualys Top 20 list is updated automatically and continuously from a statistically representative sample of thousands of networks.

How do I run it?

Go to VM/VMDR > Reports > Templates. Find the Qualys Top 20 Report template and select Run from the Quick Actions menu.

Where do I see the QIDs included in the report?

The Report Summary section will list the QIDs included in the report.

Tell me about the compliance status for each vulnerability

Passed - the vulnerability was not detected on any of the target hosts.

Failed - the vulnerability was detected on at least one host. Click the vulnerability title to see a list of hosts the vulnerability was detected on. Click on the IP address of any host to view specific results for the host.

How do I perform remediation actions from my report?

Click Remediation Action icon in reports in the Detailed Results section and choose an action. The action you choose applies to the vulnerability instance (vulnerability/host/port combination).

Ignore vulnerability - Ignore a vulnerability to filter it out of certain scan reports (report template must include host based findings), host information, asset search results and your dashboard. This action also closes associated remediation tickets for the vulnerability/host pair. If no ticket currently exists, one will be created and closed automatically for tracking purposes.

Activate vulnerability - Reactivate an ignored vulnerability. To see this option, your scan report must include ignored vulnerabilities and the report template used must include host based findings.

View / Create ticket - View an existing ticket or create a new one. When you create a ticket, the action is logged in the ticket history with your name and time stamp. You can make changes to an existing ticket by selecting File > Edit when viewing the ticket details.

Don't see these options?Don't see these options?

You'll see these options only when viewing a scan report (template based) with host based findings in HTML format.

Scanners and Readers may not have permission to ignore/activate vulnerabilities, depending on remediation options set for the subscription.

Are you an Express Lite user? If yes, the ticket options are not available.