Prelude SCM creates an aggregate device inventory from all control integrations and uses this data to evaluate the control state and health of each integration. In the case of Qualys Vulnerability Management, there are 5 control failure conditions:
- Missing Vulnerability Management Agent (any) - This condition is measured across all vulnerability management integrations and indicates the count and list of devices that do not have a vulnerability management agent installed. If you are using a single vulnerability management tool, this indicates the list of systems missing the Qualys agent.
- Missing Vulnerability Management Scan (any) - This condition is measured across all vulnerability management integrations and indicates the count and list of devices that do not have any authenticated scan records (authenticated or agent).
- Qualys - Missing Vulnerability Management Agent - This condition is specific to Qualys and indicates any devices that have been scanned by Qualys that do not have the Qualys agent installed.
- Qualys - Missing Vulnerability Management Scan - This condition is specific to Qualys and indicates any devices that are known to Qualys that do not have a scan record (authenticated or agent).
- Qualys - Out of date vulnerability scan - This condition is specific to Qualys and indicates any devices that are known to Qualys that have a valid scan record that is more than 14 days old.
Qualys - Discovered Devices
In the world of Vulnerability Management a large number of records are created that have minimal useful information. Devices that respond to a simple ping or are present in an arp scan will show up as discovered devices. In many cases these records are missing operating system, device type and other actionable information. These records are placed under discovered devices and excluded from the control gap reports.