Can Qualys scan a mainframe?


Here’s a tough question that follows me wherever I go, as a vulnerability management practitioner. Can Qualys scan a mainframe? I’m going to answer that question in a way that proves I probably should run for office someday. It depends what you mean by “scan.” I’ll also hedge by saying the appropriate first word in that sentence is “should,” rather than “can.”


How do you secure an API?


A former coworker called me up the other day. He interviewed for a job and they asked him how to secure an API. Which reminded me of the many times people asked me how to scan an API with Qualys when I worked at Qualys. You’re certainly not going to give a complete answer in a job interview, and I’m not sure I can do much besides send you down the right path, but there are certainly some wrong answers to this. So let’s talk about how you secure an API.


Rebuild machines without making duplicates in Qualys or Tenable


My friend does vulnerability management for a company that likes to rebuild machines instead of patching them. I don’t judge; that’s how I wanted to patch machines when I was a sysadmin but I didn’t have fast enough storage. But if you do this, you’re liable to end up with duplicate machines in your reports. One unpatched, and the other one (hopefully) patched. Here’s how to rebuild machines without making duplicates in Qualys or Tenable.


Force a Qualys Cloud Agent scan


Unlike its leading competitor, the Qualys Cloud Agent scans automatically. This is good and bad. It means you don’t have to schedule scans, but it also means the Qualys agent essentially has free will. The results wander in whenever they feel like wandering in, and some people want more control than that. Especially at the end of a maintenance window. How to initiate an agent scan was easily the most frequent question I got when I was supporting Qualys for a living. And for a long time, you couldn’t. Then, when Qualys released the feature, they did so about as quietly as can be. Here’s how to force a Qualys Cloud Agent scan.

You can force a Qualys Cloud Agent scan on Windows by toggling a registry key, or from Linux by running the cloudagentctl.sh shell script.
