The KnowledgeBase includes flexible searching capabilities to quickly find any vulnerability you're interested in. From the KnowledgeBase, select Search on the top menu and enter your search criteria. Then click the Search button. All vulnerability checks that match your search criteria appear.
When creating or editing a dynamic search list, select the criteria that you want to use to define the list of QIDs in the search list. Then click Save to save the search list. Each time the dynamic search list is used, the service will query the KnowledgeBase to find all QIDs that match the criteria and then include those QIDs in the action. See About Search Lists for more information.
Search for vulnerabilities by the Qualys ID number (QID). Enter all or part of the QID in the field provided. All vulnerabilities with a QID containing your entry are listed. For example, if you enter "19" then the search results include QIDs 19242, 86192, 115819, and so on.
Note: The QID search option does not appear when selecting criteria for a dynamic search list. To include specific QIDs in a search list, create a static search list and then select the QIDs to include.
Search for vulnerabilities based on keywords in the vulnerability title. Enter keywords in the field provided.
Search for vulnerabilities based on discovery method.
All. Select to search all vulnerabilities in the KnowledgeBase. Not all vulnerabilities are assigned a discovery method.
Remote Only. Select to search for vulnerabilities assigned the Remote Only discovery method. These vulnerabilities can be detected only using remote (unauthenticated) scanning.
Authenticated Only. Select to search for vulnerabilities assigned the Authenticated Only discovery method. These vulnerabilities can be detected only using authenticated scanning.
Remote and Authenticated. Select to search for vulnerabilities assigned the Remote and Authenticated discovery method. These vulnerabilities can be detected using remote scanning or authenticated scanning.
Search for vulnerabilities that are more likely to be detected by authenticated trusted scans with specific authentication types. Select one or more of the following authentication types: Windows, Unix, Oracle and SNMP. Read About Trusted Scanning for more information.
Note: If you are searching for one or more authentication types, you cannot also search for remote only discovery. If you select an authentication type and also select the remote only discovery method, the search will result in no matches.
Search for vulnerabilities that are disabled or edited.
Disabled. Managers can disable vulnerabilities in order to globally filter them from all hosts in all scan reports. Disabled vulnerabilities appear grayed out in the vulnerabilities list and in vulnerability scan results.
Edited. Managers can customize vulnerability content (Threat, Impact and Solution) and change the severity level assigned to the vulnerability.
Search for vulnerabilities by the category that the vulnerability is assigned to. Select a category from the Category menu. See Vulnerability Categories for a description and examples for each category.
All web application vulnerabilities are assigned to the Web Application category. Users have the ability to scan for web application vulnerabilities when the web application scanning (WAS) module is enabled at the subscription level and users have WAS permissions. See Users and WAS Features.
Search for vulnerabilities by the severity level assigned to the vulnerability. Select each severity level to include in the list. You may select any combination of Levels 1-5 for Confirmed, Potential and Information gathered vulnerability types.
Search for vulnerabilities and potential vulnerabilities by the vendor or product associated with them. Vendor and product information is provided by NIST as a part of CVE information. Since Information Gathered checks don't have associated CVE information, they cannot be searched.
Important! Not all vulnerabilities (QIDs) have an associated vendor and product. This means if you enter a certain vendor as search criteria, for example, the search results may not list all QIDs associated with that vendor.
Vendor. Select to search for vulnerabilities for a particular vendor (for example HP, IBM, Apple, Adobe, Oracle, SUSE). Only QIDs with an associated vendor (as provided from NIST) are returned in the search results.
Product. Select to search for vulnerabilities for a particular product (for example Sendmail, Tomcat, Firefox, the .net framework). Only QIDs with an associated product (as provided from NIST) are returned in the search results.
When searching for both a vendor and product please note the following. If you select both a vendor and a product, then the search results will only include vulnerabilities that match both of your selections. If you select a vendor and a product that are not compatible, then the search results will include no matches.
Search for vulnerabilities by CVSS values. The following CVSS options are only available when CVSS Scoring is enabled for the subscription. Read CVSS Scoring for more information. Note that Information Gathered checks are not assigned CVSS values and will not be returned in the search results.
CVSS Base Score. Select to list vulnerabilities with a CVSS Base score that is equal to or greater than your entry.
CVSS Temporal Score. Select to list vulnerabilities with a CVSS Temporal score that is equal to or greater than your entry.
CVSS Access Vector. Select to list vulnerabilities based on the level of access required to exploit the vulnerability. CVSS Access Vector values are Local Access, Adjacent Network and Network. See CVSS Access Vector for a complete description of these values. Optionally, select "All" to list all vulnerabilities regardless of access vector or select "Undefined" to list vulnerabilities that have not been defined with an access vector by NIST or by the service.
Search for vulnerabilities based on patch availability. When patch information is available for a vulnerability, the patch information appears in the Solution description for the vulnerability. The Solution description may include vendor-supplied patches and/or Trend Micro virtual patches that have been correlated with the vulnerability.
By default, all patch solutions are included in your search. You may select one or more of the following search options to limit the results. When multiple options are selected, the search results include vulnerabilities that match any of the selected options.
Patch Available. Select to list vulnerabilities for which a vendor-supplied patch is currently available.
Trend Micro Virtual Patch Available. Select to list vulnerabilities for which a Trend Micro virtual patch is currently available. The service correlates virtual patch information obtained from Trend Micro real-time feeds.
No Patch Solution. Select to list vulnerabilities for which there is no patch solution, meaning there is no vendor-supplied patch and no Trend Micro virtual patch.
Some vulnerabilities in the KnowledgeBase have both vendor-supplied patches and Trend Micro virtual patches. When you search by one of these options, your results may include QIDs that have both patch solutions available. See the search examples below to understand the search behavior.
Search Examples:
1) If you select "Patch Available" and "Trend Micro Virtual Patch Available" then the search results include QIDs that have at least one of the patch solutions. The results include QIDs that have only vendor-supplied patches, QIDs that have only Trend Micro virtual patches, and QIDs that have both types of patches.
2) If you select "Trend Micro Virtual Patch Available" and "No Patch Solution" then the search results include QIDs that match at least one of your selections. The results include QIDs that have only Trend Micro virtual patches, QIDs that have both Trend Micro virtual patches and vendor-supplied patches, and QIDs that have no patch solution.
Tip: The service provides a pre-configured report template in the Library for reporting QIDs that only have Trend Micro virtual patches and do not also have vendor-supplied patches. See Importing Report Templates from the Library to learn how to import report templates from the Library.
Search for vulnerabilities by external reference information.
CVE ID. Select to search for a specific CVE ID number.
Exploitability. Select to search for vulnerabilities with exploitability information. Select one or more information sources from the list provided. Any vulnerability with exploitability information from at least one of the selected sources is returned in the search results.
Associated Malware. Select to search for vulnerabilities for which malware information is available in the Trend Micro Threat Encylopedia.
Vendor Reference. Select to search for a reference or ID number released by the vendor in regards to the vulnerability, such as a Microsoft Security Bulletin reference like MS03-046.
Bugtraq ID. Select to search for the Bugtraq ID number assigned to a vulnerability by SecurityFocus, a vendor-neutral web site that provides security information to members of the security community.
Search for vulnerabilities based on when the service last modified the vulnerability. Enter a range of dates in the fields provided.
The Service Modified date is updated when any of the following attributes have been changed: severity level, threat description, impact description, solution description, patch availability, CVSS base score, CVSS temporal score, authentication requirement, or PCI relevance.
Search for vulnerabilities based on when a user last modified the vulnerability. Enter a range of dates in the fields provided.
The User Modified date is updated when any of the following attributes have been changed: severity level, threat comments, impact comments, or solution comments.
Search for vulnerabilities based on when the service added the vulnerability to the KnowledgeBase. Enter a range of dates in the fields provided.
Search for vulnerabilities based on keywords in the vulnerability Threat, Impact or Solution description. Enter keywords in the field provided.
Search for vulnerabilities based on compliance details or compliance type.
Compliance Details. Search for vulnerabilities by keywords in the compliance description or section number.
Compliance Type. Select from the following compliance types to list vulnerabilities associated with government and industry-specific regulations: CoBIT, HIPAA, GLBA, SOX and PCI. If you select more than one type, then the search results will list vulnerabilities associated with any of the selected types. For example, if you select HIPAA and SOX, then the search results will include vulnerabilities associated with HIPAA or SOX or both. For more information on compliance types, see Compliance Definitions.
Search for vulnerabilities that are included in the Qualys Top 20 list or the SANS Top 20 list.
Qualys Top 20. Qualys Top 20 is a dynamic list of the 20 highest-risk security vulnerabilities comprised of the 10 most prevalent internal vulnerabilities (detected on private IPs) and the 10 most prevalent external vulnerabilities (detected on public IPs). The Qualys Top 20 is updated automatically and continuously from a statistically representative sample of thousands of networks. You can search for QIDs in the internal list, external list or both.
Other: SANS 20. The SANS Institute publishes a list of the 20 most critical Internet security vulnerabilities as of 2008, including top vulnerabilities in Windows systems, Unix systems, cross-platform applications and networking products. For each of the SANS Top 20 vulnerabilities, the service scans for multiple QIDs. You can search for QIDs in the SANS Top 20 list.
Important: The SANS Top 20 list was last updated in 2008. For more accurate information on the most prevalent and critical real-world vulnerabilities use the Qualys Top 20 list.
Note: The Provider search option only appears if the private QIDs feature is enabled for your subscription.
Some subscriptions are enabled to include private QIDs from outside vulnerability providers, such as VeriSign's iDefense service. If this service is enabled, these private QIDs are automatically integrated into the KnowledgeBase and are searchable by selecting the provider name. When you select the provider name, all private QIDs currently available from the provider are listed.
Like other QIDs, private QIDs may be included in vulnerability search lists (static and dynamic) and then assigned to option profiles, scan report templates and remediation policy rules. They may also be included in asset search and risk analysis reports. Note that private QIDs are not editable in the KnowledgeBase.
When a private QID is released to the public, the QID is no longer considered private. It becomes available to all users in the KnowledgeBase with the same QID number. It will no longer be returned in search results when you search by the provider name and it will not be included in dynamic search lists where the provider name is the specified criteria.