Qualys Vulnerability Management: Introduction
Welcome back everyone!
So if you have been following along with my other posts, I have recently finished setting up a three-node Proxmox cluster to act as my home lab environment. Three nodes should provide enough flexibility for a variety of projects, the first of which is setting up Qualys for vulnerability scanning!
Why Qualys?
Qualys is a SaaS/cloud-based vulnerability management platform that was founded in 1999. Since then, it has become the leading provider of infosec and compliance cloud solutions. Organizations use Qualys for scanning, discovery, and prioritization of vulnerabilities found on their endpoints and servers, but Qualys as a company offers its customers many more options than just that. [1]
How does it work?
Qualys is SaaS, so the platform runs in the cloud. Enterprises subscribe to the service, which then scans and reports on any device added to the organization's implementation. This is done either by installing software agents on the endpoints to be scanned, or by installing a scanner appliance, which scans hosts without the need to install any software on the endpoints. The software agents carry out the scanning on the endpoint and report telemetry back to Qualys cloud servers, as do the scanner appliances. Qualys as a platform provides a dashboard for viewing all endpoints and the results of their scans. The platform will also alert on vulnerabilities found, based on the organization's settings and implementation.
Qualys Community Edition
Lucky for us cyber security learners, Qualys the company provides a handy community edition of their platform and software. This gives us, and anyone else who would like to learn about the tool/platform, access to make an account, install agent software on endpoints, and see results.
Creating a Qualys Account
First things first, we need to create an account to access the Qualys platform. A quick Google search brought up the direct URL to make a community edition account, https://qualys.com/community-edition.
Just fill out the information and you should receive an email in your inbox to confirm the creation of the account.
At this point I had a bit of a wait before my account information was emailed to me, so I took the time to check out the "Getting Started" guide, which can be found here. The PDF offers a good amount of documentation on how to ingest endpoints and even entire domains into the platform, allowing for configuration of scanning and alerting.
After you receive your initial login credentials and sign in to Qualys, you’ll be presented with the main dashboard along with initial setup steps for configuring scanning in your environment.
In my lab implementation, I began by setting up a vulnerable Windows 10 VM to test scanning using both a Qualys scanner appliance and a Qualys cloud agent. Turn to the next page for a step-by-step guide on how I built this Windows test environment for vulnerability scanning.