The vulnerability scanner Qualys has the ability to filter superseded updates in its reports and over the API. This is a popular feature. Unfortunately, it does have some caveats that aren’t always very well understood. Here’s what you need to know about Qualys superseded updates and its caveats.
A former Microsoft executive referenced watermelon KPIs the other day on social media. It’s been a long time since I’ve heard that term, but I see examples of watermelon KPIs frequently. Let’s talk about what watermelon KPIs are, how to recognize them, and why they are bad, but people still love them.
A watermelon KPI is a statistic or metric that looks good, but upon further examination, is actually bad. Like a watermelon, these KPIs are green on the outside, but red on the inside.
Of course, saying you can update Windows without rebooting is a bit of a misnomer. Some updates don’t require a reboot, but with the ones that do, there isn’t really any getting around it. You can delay the reboot, but if you never get around to rebooting, you have a partially applied update indefinitely.
But here’s how I used to use delayed reboots to help me get more done in my maintenance window.
A pocket veto is a political term, but it doesn’t strictly apply only to governments. It is also a concept or practice in business politics. It’s something I deal with quite a bit as a security professional.
October is security awareness month. So before you go spend the remaining 11 months of the year blissfully less aware of what security types like me do, let’s talk about what a security champion is, and the role a security champion plays in the IT organization.
Reading and analyzing a Qualys scan is an underrated skill. Frankly, I see a lot of misuse and abuse surrounding Qualys scans. So let’s talk about how to read and analyze a Qualys scan for the purpose of understanding and solving problems.
You can read it in the user interface but I recommend exporting a CSV so you can sort and filter. The exact CSV format has changed a bit over the years so they may not be in this exact order. But this will get you started. The most important columns are all here.
I am 75% confident your vulnerability management metrics are too complicated. I’m 75% confident because I’d need to see examples from about twice as many organizations than I’ve seen in order to be 95% confident. But I’ve probably seen 150 more samples than most people. But I have bad news for you. I’m 75% confident your vulnerability management metrics are too simplistic. How can you be both? Measuring the wrong things puts you in situations like that. So let’s talk about NIST’s recommended vulnerability management metrics, and how to more closely align with their recommendations.
As a security professional, I frequently get questions about security careers. One common topic is the role of SOC analyst. What is a SOC analyst, and is a SOC analyst a good job? Those are fair questions, and not necessarily as straightforward as it first sounds.
There’s been a number of times in my career where I’ve needed to convert files to plain text. That means plain. No smart quotes, Unicode, extended ASCII characters, or other funny business. Here’s how to use Notepad++ to quickly remove all of these types of characters from a text file. Here’s what to do when your plaintext isn’t plain enough.
Reading and analyzing a Nessus scan is an underrated skill. Frankly, I see a lot of misuse and abuse surrounding Nessus scans. So let’s talk about how to read and analyze a Nessus scan for the purpose of understanding and solving problems.
You can read it in the user interface but I recommend exporting a CSV so you can sort and filter. The exact CSV format has changed a bit over the years so they may not be in this exact order. But this will get you started. The most important columns are all here. You’ll find it very similar to reading a Qualys scan report.
For reference, I used the sample file here: https://github.com/derekmorr/nessus-csv/blob/master/nessus_test.csv