How-to Instructions

Qualys Scan Tool for Vulnerability Management

The Qualys Vulnerability Management (VM) scanner is a commercial, network-based application used to scan systems for technical vulnerabilities. It actively probes targets using a multi-level scan backed by a large database of known vulnerabilities, many of which stem from oversights such as misconfiguration or missing patches. Many of these vulnerabilities are also covered by advisories from security organizations such as CERT, CIAC, and SANS.

The tool provides detailed security reports, including instructions on how to fix or mitigate each vulnerability. Other features include on-demand scanning of systems, subnet mapping, flexible scheduling and options for scans and reporting, ticket/remediation tracking, and scanning from inside and/or outside the University network. New vulnerability checks are added to the scanner continuously.

The University uses the Qualys VM scanner to perform vulnerability scans of multi-user systems and network devices classified at the High or Medium Security Level, and of single-user systems that are in scope for HIPAA or PCI DSS compliance.

There is no guarantee that the Qualys scanner will not affect services on a production system. It is therefore important that the affected system have a scan window scheduled and agreed to by management or other pertinent personnel. If availability is too critical to allow a scan window, redundancy should be put in place.

See Qualys VM Information for Technical Users for more detail on how to use the tool.

To request access for your unit to the Qualys VM scanner, email University Information Security.