Vulnerability Notification
for Teams
Quick Start
November 20, 2017
Copyright 2015-2017 by Qualys, Inc. All Rights Reserved.
Qualys and the Qualys logo are registered trademarks of Qualys, Inc. All other trademarks are the property of
their respective owners.
Qualys, Inc.
919 E Hillsdale Blvd
Foster City, CA 94404
1 (650) 801 6100
3
Contents
Inform your teams on vulnerabilities ............................................................ 4
Start sending notifications to your teams............................................................................................ 4
Tell me about KnowledgeBase Only users.......................................................................................... 4
How do I create users with KnowledgeBase Only access................................................................. 4
User creation using the API................................................................................................................... 6
How do I create custom notifications................................................................................................... 7
How users stay updated on vulnerabilities ................................................ 10
User permissions and controls .................................................................... 12
Tell me about user permissions .......................................................................................................... 12
Basic API support.................................................................................................................................. 12
About Qualys ................................................................................................. 13
Qualys Support...................................................................................................................................... 13
4
Inform your teams on vulnerabilities
The Qualys KnowledgeBase has the largest and most up to date number of vulnerability tests
available in the world. By setting up the vulnerability notification feature your teams will be
informed on vulnerabilities they are interested in - new and updated vulnerabilities will be
included.
Start sending notifications to your teams
Create new users (optional). Vulnerability notifications can be sent to existing users in your
subscription and to users outside of the subscription. Notifications may also be sent to
KnowledgeBase Only users when this option is enabled for your subscription.
Associate users with vulnerabilities. Create search lists to identify vulnerabilities your teams
will be alerted on, and assign them (and users) to distribution groups.
We’ll start sending notifications to users! Your users will receive notifications on the
vulnerabilities that match search lists in distribution groups they are assigned to.
Tell me about KnowledgeBase Only users
- KnowledgeBase Only is a user role with limited access to the UI. This user role is available only
when enabled for your subscription. Don’t have this? Contact your Technical Account Manager
or our Support Team.
- KnowledgeBase Only users can send and receive vulnerability notifications, and view
vulnerabilities in the Qualys KnowledgeBase. They are in the Unassigned business unit and do
not have any assets.
How do I create users with KnowledgeBase Only access
You’ll create new users from the Users section.
Inform your teams on vulnerabilities
How do I create users with KnowledgeBase Only access
5
Go to the Users tab and select New > User and enter user information like any other user.
For user role select “KnowledgeBase Only”. You’ll notice this user is not assigned any assets.
By default the user will receive the Latest Vulnerabilities notification on a weekly basis. This
email lists all vulnerabilities and potential vulnerabilities added to the Qualys KnowledgeBase
since the previous week. You can change the email frequency to daily or turn it off.
Inform your teams on vulnerabilities
User creation using the API
6
This sample Latest Vulnerabilities notification shows vulnerabilities added between November 2,
2015 and November 8, 2015. A CSV file is attached to provide additional details for each QID.
User creation using the API
Our Qualys API supports adding KnowledgeBase Only users. The User API v1 (/msp/user.php)
can be used to create users using the parameter user_role=kbuser.
Sample API request
This request creates a new KnowledgeBase Only user including all required parameters:
https://qualysapi.qualys.com/msp/user.php?action=add&user_role=kbuser&bu
siness_unit=Unassigned&first_name=Jason&last_name=Kim&title=Security+Con
sultant&phone=2126667777&[email protected]&address1=500+Charles_
Avenue&city=New+York&country=United+States+of+America&state=New+York
(where “qualysapi.qualys.com” is the platform URL associated with the API user’s account)
Inform your teams on vulnerabilities
How do I create custom notifications
7
New users are added to your account
You’ll see KnowledgeBase Only users listed with other users in your account.
How do I create custom notifications
It’s easy to configure different vulnerability notifications for different teams. For example, you
may want a group of IT Managers tasked with maintaining Windows systems to be notified when
new critical Microsoft vulnerabilities are added to the KnowledgeBase. You may want a separate
group responsible for monitoring cyber threats to be notified about all vulnerabilities with known
exploits so they can be proactive and take appropriate actions even before a scan is launched.
Who can do this?
Manager users and KnowledgeBase Only users can set up custom vulnerability notifications.
Let’s get started!
You’ll create distribution groups with 1) users and 2) search lists that tell us which vulnerabilities
those users should be informed about. When a vulnerability (QID) matches the search list, the
entire distribution group is notified by email.
Go to Users > Distribution Groups, and choose New > Distribution Group.
Each new user receives their login credentials and instructions via email
All the user has to do is login to complete their account registration. After this the
user is activated and ready to receive vulnerability email notifications you set up for
them.
Inform your teams on vulnerabilities
How do I create custom notifications
8
Give your distribution group a name and add the list of users who are members of the group.
Select vulnerabilities that will trigger emails. Use search lists to tell us which vulnerabilities
should result in an email notification for this particular distribution group.
Include email addresses
for users in the
subscription (simply select
users from the list) and
email addresses for users
outside of the subscription
(type them into the field
provided).
Configure the notification
to be sent for new
vulnerabilities, updated
vulnerabilities or both.
Inform your teams on vulnerabilities
How do I create custom notifications
9
Here’s a sample notification. A CSV file is attached to provide additional details for each QID.
10
How users stay updated on vulnerabilities
Users are able to send and receive vulnerability notifications, and view vulnerabilities in the
KnowledgeBase.
View vulnerabilities in the KnowledgeBase
Search the KnowledgeBase, dig into vulnerability details, and create search lists (on the Search
Lists tab). You’ll need search lists for custom vulnerability notifications. The KnowledgeBase is
the default landing page for KnowledgeBase Only users.
Set up custom vulnerability notifications
Jump over to the Users section to create distribution groups and set up your own custom
vulnerability notifications. It’s easy to do. Go
here for step-by-step instructions.
How users stay updated on vulnerabilities
11
Configure the Latest Vulnerabilities notification
This email notification is sent weekly, by default. Would you prefer to receive it daily or not at all?
Simply choose User Profile below your user name (in the top right corner).
Then go to the Options section to change the notification setting for your account.
12
User permissions and controls
Tell me about user permissions
KnowledgeBase Only users have these permissions:
Can edit their own user profile.
Can view the Qualys KnowledgeBase.
Can create Search Lists and edit or delete their own Search Lists.
Cannot create or edit global Search Lists.
Can create Distribution Groups and edit or delete their own Distribution Groups.
Idefense and Predictions tabs will be shown when enabled.
Can run basic APIs when enabled in the UI.
Basic API support
APIv1
1) /msp/time_zone_code_list.php
2) /msp/scan_options.php
3) /msp/ticket_list.php
4) /msp/asset_ip_list.php
5) /msp/asset_domain_list.php
6) /msp/action_log_report.php
APIv2
1) /api/2.0/fo/scan/
2) /api/2.0/fo/report/scorecard/ (launch scorecard report)
3) /api/2.0/fo/asset/ip/
4) /api/2.0/fo/asset/excluded_ip/?action=list&echo_request=0
5) /api/2.0/fo/asset/group/
13
About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and
compliance solutions with over 9,300 customers in more than 100 countries, including a majority
of each of the Forbes Global 100 and Fortune 100. The Qualys Cloud Platform and integrated
suite of solutions help organizations simplify security operations and lower the cost of
compliance by delivering critical security intelligence on demand and automating the full
spectrum of auditing, compliance and protection for IT systems and web applications. Founded
in 1999, Qualys has established strategic partnerships with leading managed service providers
and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Fujitsu,
HCL Comnet, HPE, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and
Wipro. The company is also founding member of the
Cloud Security Alliance (CSA). For more
information, please visit
www.qualys.com
Qualys Support
Qualys is committed to providing you with the most thorough support. Through online
documentation, telephone help, and direct email support, Qualys ensures that your questions
will be answered in the fastest time possible. We support you 7 days a week, 24 hours a day.
Access support information at
www.qualys.com/support/
