How to Ignore items in Qualys from NopSec Exception Plans?

Through its Remediation Tickets module, Qualys allows users to Ignore instances that they feel are false positives or risks that can be accepted.

Last Updated: 3/4/2024

Overview

NopSec users can work with their NopSec Customer Success team to enable the creation of Ignore tickets from NopSec to Qualys every time a NopSec Exception Plan is approved. By doing so, you can centralize your Exception management process and ensure that Qualys stops scanning those vuln instances in the future, reducing your workload in NopSec.

Steps

  1. Contact your NopSec Customer Success team to enable Qualys Bi-Directionality.
  2. Ensure that you're confident in your Exception Review settings.
    1. Once an Exception Plan is approved, NopSec will create the Qualys Ignored ticket, so if you want a way to review what your users are doing, enable the Exception Review setting in your settings page.
  3. Create Exception Plans as normal
    1. Identify vuln instances that need to be Risk Accepted or marked False Positive from within the Prioritize report table or via a Remediation Plan report table. 
    2. Click Create Exception Plan
    3. Determine Exception Plan Type: Risk Accepted or False Positive
      1. Fill out required data such as Reason, Accepted until Date, and Description
    4. Hit Submit
  4. Once your plan is approved, NopSec will automatically create a ticket for every vuln instance in your plan and mark it as Ignore within Qualys. If you provided a Risk Accepted Until Date, the Qualys Ticket will also use that date and stop ignoring the instance after that date.
    1. NopSec places a link to the NopSec Exception Plan within the Qualys Ticket.

 

Qualys UI

To find your Tickets in Qualys, go to the VM module, open the Remediation tab, and then click Tickets.

  • This is where you'll find all of your ignored vuln instances.
  • Click on a row and view Info to see the comment provided by NopSec, which includes the Exception Plan link.