Qualys: Good Scan Practices
- Set up scheduled scans (at least monthly; weekly is recommended) and scheduled reports. Some systems are required to be scanned weekly.
- Scan using an external scan appliance, prioritize the vulnerabilities to fix (e.g., Confirmed severity 4 and 5), and re-scan.
- Scan using an internal scan appliance, prioritize the vulnerabilities to fix (e.g., Confirmed severity 4 and 5), and re-scan.
- Use the patch report to identify vulnerabilities to patch, and use search lists to scan and report on them before and after patching.
- Use remediation tickets to document remediation plans that require additional time to fix. Periodically review and update the remediation ticket.
- Identify the types of report to run, including their frequency and recipients.
- Use trend report templates to show vulnerability and remediation trends.
- Use the external scan appliance to test your firewall rules.
- Use a sandbox IP. Use one IP address to scan the pre-production server and, when it is ready for production, move it to a production IP address. This is especially useful for one-time scans of systems that are important but not critical.
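The prioritize-then-re-scan items above (Confirmed severity 4 and 5 first, then compare scans before and after patching) can be checked mechanically once scan results are exported. The script below is an added example, not Qualys code or a Qualys API call: it models findings with the fields a scan report exposes (IP, QID, title, severity, Confirmed/Potential type), picks the priority set, and diffs a "before patching" scan against an "after patching" scan into fixed, remaining and newly introduced findings. All sample records, QIDs and addresses are constructed placeholders.

```python
"""Prioritise Qualys findings and track remediation across a patch cycle.

Added example: the record layout mirrors common scan-report columns, but the
records, QIDs (900001 etc.) and IP addresses below are constructed sample data,
not output from a real scan.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    ip: str
    qid: int          # Qualys vulnerability ID (placeholder values here)
    title: str
    severity: int     # Qualys severity scale: 1 (minimal) .. 5 (urgent)
    vuln_type: str    # "Confirmed" or "Potential"

    @property
    def key(self):
        # A finding is the same finding across scans when host and QID match.
        return (self.ip, self.qid)


def prioritise(findings, min_severity=4):
    """Return Confirmed findings at or above min_severity, most severe first.

    Potential findings are left out of the must-fix set: they need validation
    before they justify a remediation ticket.
    """
    picked = [
        f for f in findings
        if f.vuln_type == "Confirmed" and f.severity >= min_severity
    ]
    return sorted(picked, key=lambda f: (-f.severity, f.ip, f.qid))


def remediation_delta(before, after, min_severity=4):
    """Diff the priority findings of two scans of the same hosts.

    Returns a dict of sorted (ip, qid) keys:
      fixed     - in the before scan, gone from the after scan
      remaining - still present after patching (ticket candidates)
      new       - appeared only in the after scan (regression or new check)
    """
    b = {f.key: f for f in prioritise(before, min_severity)}
    a = {f.key: f for f in prioritise(after, min_severity)}
    return {
        "fixed": sorted(k for k in b if k not in a),
        "remaining": sorted(k for k in b if k in a),
        "new": sorted(k for k in a if k not in b),
    }


def severity_counts(findings):
    """Count Confirmed findings per severity, the numbers a trend report plots."""
    counts = {s: 0 for s in range(1, 6)}
    for f in findings:
        if f.vuln_type == "Confirmed":
            counts[f.severity] += 1
    return counts


# Constructed sample scans (not real data): the same two hosts scanned
# before and after a patch window.
BEFORE = [
    Finding("10.0.0.5", 900001, "Sample: outdated SSH service", 5, "Confirmed"),
    Finding("10.0.0.5", 900002, "Sample: weak TLS cipher offered", 3, "Confirmed"),
    Finding("10.0.0.6", 900003, "Sample: unpatched web server", 4, "Confirmed"),
    Finding("10.0.0.6", 900004, "Sample: possible info disclosure", 5, "Potential"),
]
AFTER = [
    Finding("10.0.0.5", 900002, "Sample: weak TLS cipher offered", 3, "Confirmed"),
    Finding("10.0.0.6", 900003, "Sample: unpatched web server", 4, "Confirmed"),
    Finding("10.0.0.6", 900005, "Sample: new kernel advisory", 4, "Confirmed"),
]

if __name__ == "__main__":
    for f in prioritise(BEFORE):
        print(f"FIX FIRST  sev{f.severity}  {f.ip}  QID {f.qid}  {f.title}")
    delta = remediation_delta(BEFORE, AFTER)
    for bucket, keys in delta.items():
        print(f"{bucket:>9}: {keys}")
    print("before:", severity_counts(BEFORE), "after:", severity_counts(AFTER))
```

The "remaining" bucket is the list to open or refresh remediation tickets for; the "new" bucket is worth a look before the next scheduled scan, since it is either a regression from the patch or a newly added check.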