Qualys provides fully secure audit trails that track vulnerability status for all detected
vulnerabilities. As follow-up audits occur, vulnerability status levels (new, active, fixed,
and re-opened) are updated automatically and identified in trend reports, giving users
access to the most up-to-date security status. Using Remediation Workflow, Qualys
automatically updates vulnerability status in remediation tickets, triggering ticket
updates and closure in cases where vulnerabilities are verified as fixed.
Ticket information includes:
Ticket Due Date - Each ticket has a due date for ticket resolution. The number of days allowed for ticket resolution is set as part of the policy rule configuration. Overdue tickets are those tickets for which the due date for resolution has passed.
Ticket state/status - Several events trigger ticket updates as described earlier. Certain ticket updates result in changes to the ticket state/status as indicated below:
Open refers to new and reopened tickets. Tickets are reopened in these cases:
when the service detected vulnerabilities for tickets with state/status Resolved or Closed/Fixed;
when users or the service reopened Closed/Ignored tickets.
Resolved refers to tickets marked as resolved by users.
Closed/Fixed refers to tickets with vulnerabilities verified as fixed by the service.
Closed/Ignored refers to tickets ignored by users or the service (based on a user policy).
Also, users can ignore vulnerabilities on hosts. If tickets exist for vulnerabilities set to ignore status, the service sets them to Closed/Ignored; if tickets do not exist for these issues, the service adds new tickets and changes them to Closed/Ignored.
Invalid tickets - Tickets are invalid due to the changing status of the IP address or ticket owner. Regarding the IP address, a ticket is marked invalid when the ticket's IP address is removed from the ticket owner's account (applies to Unit Manager, Scanner, or Reader). Regarding the ticket owner, a ticket is marked invalid when the ticket owner's account is inactive or deleted, or the user's role was changed to Contact.
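The ticket lifecycle described above, modeled as a small state machine. This is an added example, not Qualys code or API output. The event names, function names, the due date computed as creation date plus allowed days, and the rule that unlisted state/event pairs leave the state unchanged are assumptions.

```python
from datetime import date, timedelta

OPEN, RESOLVED = "Open", "Resolved"
FIXED, IGNORED = "Closed/Fixed", "Closed/Ignored"

# Event names are hypothetical labels for the triggers the page describes.
# Assumption: a (state, event) pair that is not listed leaves the state unchanged.
TRANSITIONS = {
    (OPEN, "user_resolved"): RESOLVED,
    (OPEN, "scan_verified_fixed"): FIXED,   # assumed: a fix can be verified on an Open ticket
    (RESOLVED, "scan_verified_fixed"): FIXED,
    (RESOLVED, "scan_detected"): OPEN,      # reopened by detection
    (FIXED, "scan_detected"): OPEN,         # reopened by detection
    (IGNORED, "reopened"): OPEN,            # reopened by a user or the service
    (OPEN, "ignored"): IGNORED,
    (RESOLVED, "ignored"): IGNORED,
    (FIXED, "ignored"): IGNORED,
}

def replay(events, state=OPEN):
    """Return every state a ticket passes through for a sequence of events."""
    history = [state]
    for event in events:
        state = TRANSITIONS.get((state, event), state)
        history.append(state)
    return history

def is_overdue(created, days_allowed, today):
    """Overdue: the due date (assumed creation date + policy-rule days) has passed."""
    return today > created + timedelta(days=days_allowed)

def invalid_reasons(owner_role, owner_status, ip_in_owner_account):
    """List the reasons the page gives for marking a ticket invalid; empty if valid."""
    reasons = []
    if owner_role in ("Unit Manager", "Scanner", "Reader") and not ip_in_owner_account:
        reasons.append("IP address removed from owner's account")
    if owner_status in ("inactive", "deleted"):
        reasons.append("owner account " + owner_status)
    if owner_role == "Contact":
        reasons.append("owner role changed to Contact")
    return reasons

# Constructed event sequence for one ticket (not real scan data).
SAMPLE = ["user_resolved", "scan_detected", "scan_verified_fixed", "scan_detected",
          "ignored", "scan_detected", "reopened"]

if __name__ == "__main__":
    print(" -> ".join(replay(SAMPLE)))
    print(is_overdue(date(2024, 1, 1), 30, date(2024, 2, 1)))
    print(invalid_reasons("Scanner", "active", ip_in_owner_account=False))
```

In the sample sequence, a detection event on a Closed/Ignored ticket leaves it closed, because the cases listed above reopen such tickets only when a user or the service reopens them.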
You can manually create a remediation ticket for any vulnerability instance, from a scan report or from the host information view.
Use the following APIs to manage remediation tickets.