Scan CIs and IP addresses

If you suspect that your CIs or IP addresses contain vulnerable software, you can create a request to scan them. Also, if you question whether a vulnerability has been resolved, you can create a request to have a CI or IP addresses rescanned.

Before you begin

Role required: sn_vul.vulnerability_read

Procedure

  1. Navigate to Vulnerability > Vulnerability Scanning > Scans.
    The Scans list shows all scans, including submitted and pending scans.
  2. Click New.
  3. Fill in the fields on the form, as appropriate.
    Table 1. Scans
    Field Description
    Number The auto-generated record number for this request.
    Scanner Select the third-party scanner to be used for this scan. The default scanner is initially displayed.
    IP Addresses Enter the IP addresses to be scanned, separated by commas. You can also enter a range of IP addresses (for example 192.168.1.100-192.168.1.200 or 192.168.5.0-192.168.6.255).
    Time requested The date and time the request was created.
    Requested by The name of the requester.
    State The current state of the request. The default state upon scan creation is Draft.
    Reference External reference information for the third-party scan request. This information is scanner-specific but is generally an external scan identifier.
    Status message A status message generated by the third-party scanner.
    Integration run The integration run record used to invoke and integration to retrieve additional scan data.
    Results import set The import set of the transformed scan results, if applicable.
    Raw response Additional information returned by the remote scanner.
    Qualys Scan Details
    Parent scan The parent scan that was used to distribute IP addresses and/or CIs to the appropriate scanner appliances.
    Scanner appliance The Qualys scanner appliance to use to scan the associated IP addresses and/or CIs. If the appliance record was manually created, and this field is empty, the appliance to be used is determined automatically.
    Use default appliance Select to indicate that the default appliance should be used if a scanner appliance was not specified.
    Note: The Child scans related list is populated by Qualys if any child scans were spawned.
  4. Right-click in the form header and select Save.
    The following related lists and an Initiate Scan button appear.
    • Configuration Item: If you want to scan configuration items along with the IP addresses (if any), click Edit in the Configuration Item related list, select the CIs you want scanned, and click Save.
    • Source: If this scan originates from another task, such as a security scan request or a vulnerable item, this related list references that task. For new records created using the Vulnerability Scan form, this related list is empty.
    • Vulnerability: Lists the vulnerabilities to be scanned.
  5. Click Initiate Scan.
    The IP addresses and/or CIs are scanned by the Qualys scanner and the raw results of the scan are attached to the vulnerability or vulnerable item record. If vulnerable items are still found, the State of the record transitions to Reopened, Also, a work note is added to the record to indicate that the vulnerable items were not fixed. The work note includes a link to the scan results where the vulnerability was found, along with the scanner name and the date and time of the scan.