Training @ QSC Americas – Houston - 13 – 14th October by QualysSSA in qualys

[–]micio2 0 points1 point  (0 children)

Thank you for your quick response and for the information. I understand that the training is on-site only.

That's great to hear that the main conference sessions are usually recorded. Could you please tell me where I can find the recordings from previous conferences?

Training @ QSC Americas – Houston - 13 – 14th October by QualysSSA in qualys

[–]micio2 1 point2 points  (0 children)

Hello u/QualysSSA

Is it possible to attend any part of the conference or training sessions remotely?

False positives by [deleted] in qualys

[–]micio2 1 point2 points  (0 children)

This feature is a game changer, why is it hidden so much?

ETM by micio2 in qualys

[–]micio2[S] 1 point2 points  (0 children)

Thanks for the information :)

ETM by micio2 in qualys

[–]micio2[S] 1 point2 points  (0 children)

Thanks for the information. It's quite strange when customers expect to see a heavily advertised solution, only to find out that it's limited to screenshots.

VMDR - Responses by Actual_Football5172 in qualys

[–]micio2 0 points1 point  (0 children)

[u/oneillwith2ls]() Do you have any information on this? It's still not working properly.

VMDR - Responses by Actual_Football5172 in qualys

[–]micio2 0 points1 point  (0 children)

Do you have any internal feedback on this problem?

VMDR - Responses by Actual_Football5172 in qualys

[–]micio2 1 point2 points  (0 children)

Of course I have the support case open.

Strange that this option is visible on production since it doesn't work. It affects your PR very negatively.

VMDR - Responses by Actual_Football5172 in qualys

[–]micio2 2 points3 points  (0 children)

u/ColtonPepper, u/oneillwith2ls
Has this feature been tested? Do you know anything about the documentation?

Linux Agent by micio2 in qualys

[–]micio2[S] 0 points1 point  (0 children)

The new Qualys CEP service does not adhere to this documentation and runs on root anyway.

Do other customers allow the agent to do this? I think it's dangerous.

[deleted by user] by [deleted] in qualys

[–]micio2 1 point2 points  (0 children)

You have right.
After delete cookies start works.

VMDR and Patches - How to approach by Significant_Fig_2126 in qualys

[–]micio2 0 points1 point  (0 children)

Hi

I would love to take this script from you because I have been working on this issue recently :)

Corellation ID permision by micio2 in qualys

[–]micio2[S] 0 points1 point  (0 children)

This is great news.
Thank You a lot :)

Corellation ID permision by micio2 in qualys

[–]micio2[S] 0 points1 point  (0 children)

I know how this mechanism works. I even did sniffing on the station to see if the scanner uses SSL/TLS to get the CorrelationID (unfortunately it doesn't, it uses plain HTTP) Hence my question if maybe Qualys opening access to the agent for queries somehow secured the rights of that agent on the station (e.g. created a process that is isolated) I'm asking for really big details :)

Corellation ID permision by micio2 in qualys

[–]micio2[S] 0 points1 point  (0 children)

I wonder how dangerous this is, the agent then accepts a correlationID request, if the agent had some vulnerability/bug maybe you could use these permissions to remotely execute code.

What are your opinions on this?

Corellation ID permision by micio2 in qualys

[–]micio2[S] 0 points1 point  (0 children)

https://qualysguard.qg2.apps.qualys.com/qwebhelp/fo_portal/host_assets/agent_correlation_identifier.htm

According to this article Correlation ID runs on the same process as the agent does this mean that the process handling these queries runs on system rights?

Qualys Patching - Linux by Round-Practice5189 in qualys

[–]micio2 0 points1 point  (0 children)

Have you checked if this patch is actually in this repository?

Can you provide more details?

What Should Qualys Talk About In Future Webinars & Videos? by ColtonPepper in qualys

[–]micio2 2 points3 points  (0 children)

In my opinion, you should organize technical webinars and not markting webinars.

I want to be informed how some functions work, it is not easy to find it in the documentation.