I had no intention to write this but after 2 years of of using the platform and no real improvements I figured I would express my thoughts.
Some of these issues are perplexing.
- Qualys generally has issues after any maintenance updates which are applied to their cloud service. After the last two years of using their platform, their cloud platform usually has some critical error or major UI issue which prevents you from accessing data. The good news is that their status page advises you of this now, so we are informed. The bad news is that this happens every time, so no in-depth testing seems to occur before release, or Qualys doesn’t have the capabilities to test their software service enough. However, they note in the maintenance announcement that this is “in the rare circumstance,” but I wouldn’t say the last eight updates all had significant issues as rare. I think they should remove that language because this is common now.
- Within the Qualys platform, many queries and data output in reports displays Windows Operating systems as their Codenames instead of their actual build releases. No idea why this is done, nor why this is not fixed. Stop referring to Windows 10 1809 as Windows 10 Redstone 5 please… here is a wiki to fix this issue.
- Qualys should pull in the Windows 10 UBR version information. The UBR information tells you the latest Cumulative Update applied to a machine. The UBR can be found here. This can provide security engineers and remediation teams pertinent information regarding the patching level of a Windows machine. Surfacing this information would streamline a lot of patching risk as Windows OS updates are cumulative now.
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\UBR- Cloud Agent Last Activity and Last Checked-in is not that helpful.
- When using the Cloud Agent should it should report the Date of Last Vulnerability Scan. (Last Activity and Last Checked is not very helpful)
- I also wish the Cloud Agent would provide a 30-day historical vulnerability count.
- Report customization is extremely limited. You should be able to customize the columns and fields.
- You should be able to customize the columns on all the UI interfaces, and those settings should save on a per-user basis. It would be great if, on the Vulnerability View section, I could customize it so that it met my requirements with the following columns instead of the default ones that provide little value. Even the new/beta version doesn’t look like it has any of this functionality.
- What I would Like: QID, Title, Detected Date, Results Output, Severity
- What we get: QID, Title, Detected Date, Port, Protocol, Instance Severity.. yay wasted space!
- If you use use or have Cloud Agent you should be able to force a VM/PC rescan from the Cloud Console without having to use the registry keys
- Ability to use more complex queries for Widgets. Widget functionality is limiting.
- If you perform a search with the same criteria again you may get different results. This is frustrating.
- Tag Rule creation should automatically have the following items checked by default (Ignore Case & Re-Evaluate rule on save)
- Also if you use Policy Compliance and use the feature create your own “Custom Control” you would think the edit button would allow you to change the parameters.. well this is Qualys and you cannot. You have to re-create it from scratch. If you are testing a registry path have fun 🙂 with doing that exercise several times.