Map and scan configuration options are defined in option profiles. When launching and scheduling maps and scans, you'll be required to apply a profile to the task. The service provides several pre-defined option profiles, and you can create custom option profiles. For example, you may want to create custom option profiles to fine-tune scanning parameters, specify the ports/services to be scanned, and test only for specific vulnerabilities, such as vulnerabilities related to a particular product or operating system. You can also enable authentication to allow the scanning engine to perform trusted scanning for more in-depth vulnerability analysis.
Manage option profiles from the option profiles list (Tools > Option Profiles).
Several option profiles are provided by the service for your convenience. Profiles are provided for scanning Qualys Top 20 vulnerabilities, SANS Top 20 vulnerabilities, and testing compliance with the Payment Card Industry Data Security Standard. See Option Profiles Provided by the Service.
Important: The SANS Top 20 list was last updated in 2008. For more accurate information on the most prevalent and critical real-world vulnerabilities, use the Qualys Top 20 list.
The Library provides a variety of option profiles that you can import to your account. You can use imported option profiles as-is or edit them as needed. See About the Library.
It's best practice to apply the same set of options across scan tasks to ensure compliance with corporate security policies and accurate trend reporting. A default option profile is defined for this reason. The service provides an initial default option profile called "Initial Options", which may be customized and renamed. For subscriptions with multiple users, the same default option profile is globally available to all users in the subscription.
In subscriptions with multiple users, Managers and Unit Managers can create global option profiles for use by their users. This allows users with management responsibility to establish a baseline standard for map and scan tasks.
Global profiles created by Managers are made available to all users in the subscription. Global profiles created by Unit Managers are made available to all users in their business unit. If a user has permission to create option profiles, then the user also has permission to save personal copies of global profiles published by their Managers in order to use them as the basis for new option profiles.
In subscriptions with the compliance module enabled, users can launch compliance scans to identify whether hosts are compliant with user-defined policies. Before you can launch a compliance scan, a compliance profile must be available on the option profiles list in your account. The service does not provide a default compliance profile. A Manager or another user with compliance management privileges must create a compliance profile. Once created, the profile is available when launching and scheduling compliance scans.