AI-Powered Scan Optimization

AI-Powered scan optimization uses AI-assisted clustering of QIDs that optimizes the detection scope to scan critical and high-risk areas. This significantly reduces the scan time while ensuring targeted scans for comprehensive vulnerability detection and faster issue resolution.

To enable AI-Powered Scan Optimization, select the option under Vulnerability Scan > Scan Settings. See AI-Powered Scan Optimization.

When this option is selected, the detection scope defined in the option profile is not considered.


AI-Powered Scan Optimization Frequently Asked Questions (FAQs)

With the AI-Powered Scan Optimization option, AI profiles your web application and intelligently optimizes and selects the most relevant detections to use, reducing scan time while maintaining comprehensive security coverage.

AI-Powered Scan Optimization Overview

How does AI-Powered Scan Optimization work?

The scanner profiles your application by running profiling-related detections and uses these results to build a detection plan using Qualys AI for your application through a process called Profiling. After profiling is completed, this detection plan is used to run security tests, followed by a standard reporting workflow.

Can AI-Powered Scan Optimization fully replace traditional full scans?

We recommend a combination approach of running a full scan periodically or when there are major changes in an application, and using AI-Powered Scan optimization for your high-frequency scans.

Profiling and Scan Management

How is comprehensive scan coverage maintained?

Scan coverage is maintained by including all existing detections in the profiling process and ensuring no previously detected vulnerabilities are dropped. The Qualys AI builds upon your application's specific security profile to maintain comprehensive testing.

Do I need to perform a full scan? How can I perform a full scan?

Yes, we recommend full scans periodically to detect application changes, especially for frequently updated applications. Consider full scans after major releases, security incidents, significant infrastructure changes, or quarterly for compliance requirements.

To perform a full scan, update the scan schedule or run a scan with the AI-Powered Scan Optimization feature disabled and the detection scope set to "everything" in the option profile. This can be done through the "scan configuration" settings.

Does AI-based profiling work with internal scanners?

Profiling is performed on Qualys Cloud. Hence, AI-based profiling is independent of the type of scanner. Internal scanners use this detection plan to execute tests.

How long does an AI-generated scan profile remain valid for a web application?

The profile remains relevant as long as your application does not undergo major changes. Once created, the profile stays valid until you manually disable the AI-Powered Scan Optimization feature. There is an automatic refresh of the profile with every scan if AI-Powered Scan Optimization is enabled.

Which types of changes in a web application require profile recalibration?

Major changes such as tech stack modifications, hosting environment changes, authentication mechanism updates, significant architectural changes, new functionality additions, and infrastructure modifications require profile recalibration. Any change that affects the application's attack surface or security posture requires profile recalibration.

Detection Handling

Does AI Optimization use existing detections?

Yes, existing detections are used for profiling, and any previously detected vulnerability will continue to be tested in post-profiling scans. No detection is ever dropped once it's been identified.

How does purging detections affect the profile and scan report?

Since profiling is based on detections, purging will cause the scanner to recalibrate the profile. Detections that were purged but not found during profiling are not considered for future scanning.

Scan reports continue to show all detections found after profiling. The reporting format and vulnerability presentation remain unchanged from standard scanning.