Tell me about Vulnerability Scan Results

Every completed scan has a scan results report with the raw, unfiltered results.

How do I see my scan results?

Authentication failed. What should I do?

How do I download the scan results?

Why don't I see data in my graphs?

Can I look at partial results as my scan is running?

My report is large. How do I see all sections?

Tell me about Average Security Risk

How do I know if authentication was successful?

What's in the Detailed Results section of the report?

Tell me about host scan data and scan reports

Why wasn't my host scanned?

Tell me about vulnerability status

Why don't I see some Information Gathered (IG) type QIDs in scan results?

Think you might have a false positive?


Check out this video:


How do I see my scan results?

Go to VM/VMDR > Scans, identify the scan you're interested in and select View from the Quick Actions menu.

How do I download the scan results?

By selecting Download from the Quick Actions menu you can save a copy locally in one of many formats.

Scan results in XML: Qualys API (VM, PC) User Guide PDF Icon

Can I look at partial results as my scan is running?

Yes. Choose View from the Quick Actions menu for your running scan. The scan status appears and partial results are available in an HTML report for the IPs that have been scanned. You can look at the results but you can't run reports on the data until the scan is finished and the results have been processed.

Tell me about Average Security Risk

You'll see the average security risk score for all active hosts in the scan results report in the Summary of Vulnerabilities section. The average security risk is calculated as the sum of the security risk scores for all active hosts divided by the number of active hosts. (This calculation method applies to the averages security risk in scan results.)

What is the security risk for each active host?

What are active hosts?

Show me the formula

What's in the Detailed Results section of the report?

You'll see each scanned host identified by IP address with additional information (if collected during the scan):

IP address (DNS hostname, NetBIOS hostname) Operating System

For each host, you'll see the detected vulnerabilities by severity level - confirmed vulnerabilities, potential vulnerabilities and information gathered. Disabled vulnerabilities will appear grayed out.

Why wasn't my host scanned?

You'll see a list of hosts that were scanned and not scanned in the Appendix section of your scan results. A host may not be scanned for a variety of reasons.

Show me reasons a host may not be scanned

Authentication to my host failed. What should I do?

Hosts that fail authentication appear in the Appendix section of your results. We recommend you run the Authentication Report to get information to help you with troubleshooting the issue before you launch new scans. Go to Reports > Reports and choose New > Authentication Report.

Why don't I see data in the graphs?

The Operating Systems Detected graph will be empty if your scan did not include "Operating System Detected" vulnerability (QID 45017). The Services Detected graph will be empty if your scan did not include "Open TCP Services List" (QID 82023) and "Open UDP Services List" (QID 82004). Check the option profile you selected for the scan to be sure these QIDs are selected.

My report is large. How do I see all the sections?

Large reports are divided into segments of IPs to make the results more manageable. Use the View menu to see the available segments, and then select a segment and click Go to see the results for that segment.

Tip: Create a scan report with fewer hosts using a report template that filters the output by asset groups or tags. This will make your scan results more manageable for reviewing and sharing with others. You can do this by going to VM/VMDR > Reports > Templates. There are several templates you can choose from (we recommend the Technical Report or the High Severity Report to begin) and you can change the template to select asset group or tags.

How do I know if authentication was successful?

For authenticated scans it's important to verify that authentication was successful. It is recommended that you resolve authentication failures before the next scan. Learn more

Tell me about host scan data and scan reports

We store saved scan results separate from host scan data (also called Automatic data). Host scan data is the normalized data collected from your scan results and this is updated as new scans are completed and scan results are processed. Host scan data provides the most up-to-date information and current security status for each host. This appears throughout the user interface and in Automatic vulnerability scan reports. Learn more

Think you might have a false positive?

Review the Results section of the QID for the host. This will show you the specific reasoning why the vulnerability was reported for that host. Learn more

Why don't I see some Information Gathered (IG) type QIDs in scan results?

For potential and confirmed vulnerabilities, the vulnerability status (New, Active, or Fixed) is updated and recorded with every scan. For more information, see Vulnerability Status Levels.

However, for Information Gathered (IG) type vulnerabilities, this status is not retained. Consequently, when an IG-type vulnerability is fixed (that is, when it is not detected in the ongoing scan), it is removed from the scan results without displaying the Fixed status.

Notes:

If asset merging is enabled with option (agentless +correlation id)

If asset merging is not enabled