Your SANS Top 20 Report

Why should I run this report?

Tell me about compliance status

How do I run it?

Perform remediation actions

Where do I see the QIDs included in the report?


Why should I run the SANS Top 20 report?

You run this report to identify the SANS Top 20 vulnerabilities on your network. The SANS Institute publishes a list of the 20 most critical Internet security vulnerabilities, including top vulnerabilities in Windows systems, Unix systems, cross-platform applications and networking products. For each of the top 20 vulnerabilities, the service scans for multiple QIDs and reports results for those detected.

Important: The SANS Top 20 list was last updated back in 2008. We recommend you run the Qualys Top 20 report for more accurate information on the most prevalent and critical real-world vulnerabilities.

How do I run it?

Go to VM/VMDR > Reports > Templates. Find the SANS Top 20 Report template and select Run from the Quick Actions menu. (The template is called "2008 SANS Top 20 Report" if your subscription was created using version 6.18 or later.)

Where do I see the QIDs included in the report?

The Report Summary section will list the QIDs included in the report. For each of the SANS 20 vulnerabilities, the service scans for multiple QIDs and reports results for those detected.

Tell me about the compliance status for each vulnerability

Passed - none of the QIDs corresponding to the particular SANS vulnerability were detected.

Failed - at least one QID corresponding to the particular SANS vulnerability was detected. Click on any title to see a list of hosts it was detected on. Click on the IP address for any host to view specific results for the host.

How do I perform remediation actions from my report?

Click Remediation Action icon in reports in the Detailed Results section and choose an action. The action you choose applies to the vulnerability instance (vulnerability/host/port combination).

Ignore vulnerability - Ignore a vulnerability to filter it out of certain scan reports (report template must include host based findings), host information, asset search results and your dashboard. This action also closes associated remediation tickets for the vulnerability/host pair. If no ticket currently exists, one will be created and closed automatically for tracking purposes.

Activate vulnerability - Reactivate an ignored vulnerability. To see this option, your scan report must include ignored vulnerabilities and the report template used must include host based findings.

View / Create ticket - View an existing ticket or create a new one. When you create a ticket, the action is logged in the ticket history with your name and time stamp. You can make changes to an existing ticket by selecting File > Edit when viewing the ticket details.

Don't see these options?Don't see these options?

You'll see these options only when viewing a scan report (template based) with host based findings in HTML format.

Scanners and Readers may not have permission to ignore/activate vulnerabilities, depending on remediation options set for the subscription.

Are you an Express Lite user? If yes, the ticket options are not available.