On the Display tab, select how much information to include in the report, in both the summary and detailed results sections. You can choose to include report graphics, add custom text to the report footer, determine how the detailed results should be sorted and how much detail to include for each vulnerability.
> What is the text summary?> What is the text summary?
The text summary includes the total number of vulnerabilities detected, the overall security risk, and the business risk (for reports sorted by asset group). The following tables also appear: total vulnerabilities by status, total vulnerabilities by severity, and top 5 vulnerability categories detected. Note that this option is not available in reports set to Manual scan results selection.
> Tell me about the vulnerability details> Tell me about the vulnerability details
Threat. A description of the threat.
Impact. Possible consequences that may occur if the vulnerability is exploited.
Solution: Patches and Workarounds. A verified solution to remedy the issue, such as a link to the vendor's patch, Web site, or a workaround.
Solution: Virtual Patches and Mitigating Controls. Virtual patch information that is correlated with the vulnerability, when this information is available in the KnowledgeBase. The service correlates virtual patch information obtained from Trend Micro real-time feeds.
Exploitability. Exploitability information that is correlated with this vulnerability, when this information is available in the KnowledgeBase. The service constantly correlates exploitability information from real-time feeds to provide up to date references to exploits and related security resources.
Associated Malware. Malware information that is correlated with this vulnerability, when this information is available in the KnowledgeBase. The service constantly correlates malware information obtained from Trend Micro Threat Encyclopedia real-time feeds to provide up to date references to malware threats and related security resources.
Results. Specific scan test results for each host. Also included: the date the vulnerability was first detected on the host, the date it was last detected on the host, and the total number of times it was detected on the host.
Reopened. The date/time a vulnerability was first reopened, last reopened, and the number of times it was reopened. A vulnerability is reopened when it was verified as fixed by the previous scan and is detected by a new scan.
> Tell me about TruRisk details (ARS, ACS, QDS)> Tell me about TruRisk details (ARS, ACS, QDS)
This option is only visible in subscriptions with the Asset Risk Scoring feature enabled.
Select TruRisk Details (ARS, ACS, QDS) on the Display tab to show Qualys TruRisk scores in your report to help you prioritize vulnerabilities, including Asset Risk Score (ARS), Asset Criticality Score (ACS) and Qualys Detection Score (QDS). Learn more about these scores
Notes:
- This option is supported in reports with Host Based Findings.
- To see ARS and ACS in the report, you must also select Text Summary because these scores appear at the summary level for each host.
- To see QDS in the report, you must also select Vulnerability Details and at least one vulnerability detail like Threat because this score appears when you expand vulnerability details.
- When detailed results are sorted by Host and TruRisk Details are included, then you'll see scores in all report formats: CSV, XML, HTML, DOCX, PDF and MHT.
- When detailed results are sorted by some other method (e.g. vulnerability, operating system, asset group, etc) and TruRisk Details are included, then you'll only see scores in CSV and XML report formats.
> Tell me about the custom footer> Tell me about the custom footer
This is a spot where you can add required information like a disclosure statement or data classification (e.g. Public, Confidential). The footer text you enter will appear on the last page of reports generated from this template, except reports in XML and CSV formats.
Note - You can work with your Technical Account Manager or Qualys Support to have a custom header, footer and logo added to every page of Host Based Scan Reports in PDF format. This is a subscription level setting. See Custom Header, Footer, Logo for Host Based Scan Reports in PDF to learn more.
> Display information for cloud instances> Display information for cloud instances
From Display Cloud Related Information section in the Display tab in the Scan Report Template:
- Select the "Cloud Provider Metadata" check box to include general fields that apply to all cloud providers, including AWS, Azure, GCP, and other future support to your report.
- Select the "Legacy EC2/Azure fields" check box to include cloud provider-specific metadata fields originally introduced for AWS and Azure.
Azure metadata information: public IP address, image offer, image version, subnet, VM state, private IP address, size, subscription ID, location, and resource group name
EC2 metadata information: public and private DNS name, image ID, VPC ID, instance state, instance type, account ID, region code and subnet ID
GCP metadata information: public IP address, VM instance ID, private IP address, VPC network, machine state, machine type, zone, hostname, and MAC address
Refer to the Qualys API (VM, PC) User Guide (section: Cloud Asset Metadata Fields in CSV Format and Cloud Asset Metadata Fields in XML Format) to know the tags which will appear in your scan report
> Display Qualys system IDs> Display Qualys system IDs
Select the "Qualys System IDs" check box (under Display Host Details) to include host identifiers such as host ID, asset ID in the host-based scan report template. Once you launch or download the host-based scan report, the host ID, asset ID information is displayed in the report.
> Tell me about MITRE ATT&CK (MITRE ATT&CK Tactic & Technique Details) > Tell me about MITRE ATT&CK (MITRE ATT&CK Tactic & Technique Details)
Select MITRE ATT&CK (MITRE ATT&CK Tactic and Technique Details) on the Display tab to show the MITRE ATT&CK details.
On selecting this option, the report displays the Tactic and technique name and IDs in the CSV host based report.
This allows you to identify and display the MITRE ATT&CK details associated with QID in the host-based scan report. This provides a clear and structured view of how potential or active threats align with known adversary behaviors. This allows you to take faster remediation actions from an MITRE prioritization perspective.
Note: It supports only host-based CSV reports.