Qualys Tickets
February 28, 2015The primary way to track remediation in Qualys is by using it’s built in ticketing system. You can prioritize and fix vulnerabilities using recommended solutions, such as patches and workarounds, which are provided in scan reports. Remediation workflow allows users to manage vulnerabilities through remediation tickets. Each ticket corresponds to a vulnerability (QID) detected on a particular host and port.
Tickets are automatically created per the remediation policy whenever a scan is run. If a scan discovers a confirmed or potential vulnerability with a level of 4 or 5, a ticket is created for the asset owner.
You can view your open tickets by clicking on the remediation icon in the Navigation panel of QualysGuard.
It shows the date that remediation is due, the ticket status, the dns name and the vulnerability name and severity.
Ticket resolution – If a rescan occurs and the vulnerability is no longer detected, the ticket will be automatically closed.
Otherwise, you must apply patches or firewall blocks or other remediation steps yourself. Once completed, be sure to add notes stating what actions were taken and change the ticket status to RESOLVED.
Try to include the remedy ticket number for reference as well.
If you are not responsible for patching the particular vulnerability assigned to you, you can route it to another QualysGuard user. If the user does not exist, contact your administrator to add the person’s account. See below to see an example of a ticket reassignment. Be sure to note in the comments section why you are changing the ownership of the vulnerability.