When adding signatures, our top priority is to identify vulnerabilities and exploits that would have maximum impact on our customers. We try to identify vulnerabilities in software and hardware that we think is most likely to be installed in an enterprise environment. Hence, we actively follow and add detections for the most prominent vendors, like Microsoft, Red Hat, SUSE, etc. Apart from these vendors, we also actively track various sources for vulnerabilities that can have a significant impact on enterprise customers if exploited (like the recent Microsoft Exchange vulnerabilities).
While there are various factors that we consider when adding a check to our Knowledgebase, the following are some of the important criteria (in no particular order):
- Vendors – Whenever vulnerabilities are reported or released by popular vendors (like Microsoft, Adobe, Cisco, etc.), we evaluate them and add QIDs as soon as possible.
- Products – For vulnerabilities affecting popular products found in an enterprise environment (Oracle DB, Java, etc.), the team tries to add QIDs as soon as possible.
- Severity and Impact – The severity of a vulnerability (Medium, High, etc.) and its impact (RCE, EoP, etc.) are also considered when adding new QIDs.
- Exploit – Exploit availability for a vulnerability is also considered when adding QIDs. Now with ThreatProtect, we try to add more QIDs that have exploits available.
- The Popularity of a Vulnerability – The team monitors the infosec community very closely, and any vulnerability that is more “talked-about” is added to the Knowledgebase as soon as possible.
- Mode of Vulnerability Exploitation – Vulnerabilities are also prioritized based on how they can be exploited (remote, local, authentication, etc.).
- Apart from these factors, we do add QIDs that our customers specifically request for their environments. While we strive to keep our Knowledgebase updated with all the vulnerabilities released daily, we are often restricted by the limited resources (hardware, software, infrastructure, etc.) at our disposal. In many cases, when customers are kind enough and willing to help by providing us with these resources, we add QIDs for these vulnerabilities.
We try our best to keep up with vulnerabilities disclosed from various sources. Still, we are sometimes limited in procuring the software/hardware, and as a result we might miss some of those vulnerabilities.
If the customer has a specific product for which they would like detection added, have the customer open an FR for it, and we will try to work on it.
How to Request a New Detection
Qualys does its best to keep up with vulnerabilities disclosed from various sources. However, due to limitations around procuring software/hardware, we might miss out on a few vulnerabilities.
If you have a specific product for which you would like us to add detection, we request you to take these steps:
1) Check the Vulnerability Detection Pipeline, where you’ll find upcoming and recently published vulnerability signatures for high-severity vulnerabilities. The signature you need could already be in the pipeline!
2) To request a new detection (QID), open a Feature Request (FR) via the Support portal, and we will attempt to create a signature for it as early as possible. In some cases, if you give Qualys access to the related software/hardware, we could provide a signature faster.
Supported OS / Technologies
See the full list of Supported OS / Technologies.