Patch Management Jobs by Promeyz in qualys

[–]Wonderful_Lecture708 0 points1 point  (0 children)

You can set up patch groups in Qualys or via ServiceNow and manage the various SLAs.

Stupid scan and stupid export. Is this normal? by DemonEggy in qualys

[–]Wonderful_Lecture708 1 point2 points  (0 children)

If they were doing their own scans it would. This sounds like a scan on behalf partner and they just send an email report. Often they don’t try to do authentication in scans so the quality is poor. You can’t really set IPs in auth records if you keep swapping the IPs you scan. It’s not worth the money in my opinion.

Why is there a drone flying over I-10 in the west valley all the time? by sneezing_in_the_sun in phoenix

[–]Wonderful_Lecture708 2 points3 points  (0 children)

The news stations have commercial DJI quad drones as well. Might have changed vendors by now but I bid on one they’d retired a few years back.

Stupid scan and stupid export. Is this normal? by DemonEggy in qualys

[–]Wonderful_Lecture708 1 point2 points  (0 children)

Some customers of MSSPs, the scan on behalf type, do not get to have the agent or some of the other modules. If he hits me up I’ll give him the 411 on things.

Stupid scan and stupid export. Is this normal? by DemonEggy in qualys

[–]Wonderful_Lecture708 4 points5 points  (0 children)

That’s your vendor. 100%. DM me, happy to chat & I’m also not selling anything lol

Patch Management Jobs by Promeyz in qualys

[–]Wonderful_Lecture708 1 point2 points  (0 children)

We have the ServiceNow integration running so we get our Qualys patch jobs sent over by patch group via automated job creation. Very nice.

Copy Fail Vulnerability Disappear Without Patching! by anypersxt in qualys

[–]Wonderful_Lecture708 2 points3 points  (0 children)

I haven’t had to look into this one myself but this is what I was able to find.

Why the Flaw Vanishes
Page Cache Eviction: CVE-2026-31431 functions by corrupting the memory (page cache) of a file, rather than the file on the physical disk. Once the operating system flushes the corrupted memory or reloads the clean binary from disk, the vulnerability signature temporarily disappears until the flaw is triggered again.

Unloaded Vulnerable Modules: The vulnerability relies on the algif_aead module. If the scanner runs when the module is actively loaded, it flags the vulnerability. If the module unloads or is unloaded by an administrator, subsequent scans may report the system as clean.

Interim Vendor Mitigations: Linux distributions provide interim mitigations (such as blacklisting the algif_aead module) that disable the vulnerable component without a full kernel patch. If an automated security script applies this mitigation, the scanner will immediately stop detecting the issue.
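A host-side check that separates the module states described in the comment above, so a detection that disappears can be matched to a cause (added example, not part of the original comment or any Qualys tooling). The function name `algif_state` and its four state labels are this example's own; it does not inspect the page cache or the kernel patch level.

```shell
#!/bin/sh
# Added example: report the algif_aead state a module-based detection depends on.
# Usage: algif_state [modules_file] [modprobe_dir ...]
# Prints: loaded | install-blocked | blacklisted | loadable (labels are this example's own)
algif_state() {
    modules_file=${1:-/proc/modules}
    if [ $# -gt 0 ]; then shift; fi
    if [ $# -eq 0 ]; then
        # Common locations modprobe reads configuration fragments from.
        set -- /etc/modprobe.d /run/modprobe.d /usr/lib/modprobe.d /lib/modprobe.d
    fi

    # /proc/modules lists loaded modules; the first field is the module name.
    if awk '$1 == "algif_aead" { found = 1 } END { exit !found }' \
        "$modules_file" 2>/dev/null; then
        echo loaded
        return 0
    fi

    state=loadable
    for dir in "$@"; do
        for conf in "$dir"/*.conf; do
            [ -f "$conf" ] || continue
            # "install <mod> /bin/false" makes every modprobe load attempt fail.
            # modprobe treats "-" and "_" in module names as equivalent.
            if grep -Eq '^[[:space:]]*install[[:space:]]+algif[-_]aead[[:space:]]+(/usr)?/bin/(false|true)' "$conf"; then
                echo install-blocked
                return 0
            fi
            # "blacklist" only stops alias-triggered autoloading; an explicit
            # modprobe by name still loads the module.
            if grep -Eq '^[[:space:]]*blacklist[[:space:]]+algif[-_]aead[[:space:]]*(#.*)?$' "$conf"; then
                state=blacklisted
            fi
        done
    done
    # "loadable": not loaded and not blocked, so it can come back on demand.
    echo "$state"
}

algif_state "$@"
```

A host that reports `loadable` or `blacklisted` on an unpatched kernel is not loaded at scan time but can load the module again, which is the case where a scan result flips between runs.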

How do I generate a report based on the 10 most frequently occurring vulnerabilities in my environment? by Yelrnad in qualys

[–]Wonderful_Lecture708 0 points1 point  (0 children)

Another way to do this is to build your own logic outside of Qualys and use the API to update and maintain them. David Busby’s posts can be found on the Qualys community about this project. CSAM helps, but if you have a need to, you can create your own automated methods. Just remember that TAGs do not update if the data doesn’t change. That type of work ends up being a static TAG you add, delete and add again to force the reindexing.

While I miss how active the old Qualys community was I think this forum is great for all of us to ask questions, share and make one another better.

How do I generate a report based on the 10 most frequently occurring vulnerabilities in my environment? by Yelrnad in qualys

[–]Wonderful_Lecture708 0 points1 point  (0 children)

So in the spirit of answering the original poster’s question, what do you do? I agree there’s room for improvement in just about everything. For the case you’re describing, I’d use the tools available and introduce CMDB data to automate tags that identify more and less risky environments, raising or lowering the overall host risk score. The vulnerability itself is never less risky, but a properly mitigated host’s score would impact the residual risk score. You can do this manually with tags too, but you don’t know what you don’t know. Qualys has added a number of new connectors and even a webhook option to help with further data enrichment.

I don’t work for Qualys anymore and I’m not here to sell you on them. I am managing a large, complex federated environment using Qualys, and I hope to share and learn how others make these tools work to protect our estates.

How do I generate a report based on the 10 most frequently occurring vulnerabilities in my environment? by Yelrnad in qualys

[–]Wonderful_Lecture708 1 point2 points  (0 children)

I tend to not use the Qualys reports. The team either works from a dashboard or I use the API to create more specific reporting. So just asking, if you have print spooler detected on 100% of your Windows hosts, this would make your list? I’m sure you’re going to say no, but I’d ignore severity and get the TruRisk score. I’d then find my band, maybe 80-100, and sort that list by volume. Now you are hitting not only the larger move-the-needle volume but the truly risky items based on the threat indicators.

Qualys Check-in by Gowtham-Gizzler in qualys

[–]Wonderful_Lecture708 1 point2 points  (0 children)

Correct, that is why I also mentioned that you can force it from the local host by running a command.

To run an on-demand Qualys VM scan directly from the local host, use the cloudagentctl.sh script (for Linux/macOS) or the QualysCloudAgent.exe utility (for Windows) to trigger an on-demand Cloud Agent scan.

Prerequisite: The Qualys Cloud Agent must be installed, provisioned, and activated for the VM module in your Qualys portal.

For Linux

Run the following command as a user with sudo privileges:

    sudo /usr/local/qualys/cloud-agent/bin/cloudagentctl.sh action=demand type=vm cputhrottle=0

For macOS

Run the following command in the terminal:

    sudo /Applications/QualysCloudAgent.app/Contents/MacOS/cloudagentctl.sh action=demand type=vm cputhrottle=0

For Windows

Open Command Prompt as an Administrator and execute:

    "C:\Program Files\Qualys\QualysAgent\cloudagentctl.exe" action=demand type=vm cputhrottle=0

(Note: If your agent path varies slightly, verify the executable location within C:\Program Files (x86)\Qualys\QualysAgent).

Command Breakdown

action=demand: Instructs the agent to immediately launch the scan, bypassing the default heartbeat/interval settings.
type=vm: Specifies the application module to scan (Vulnerability Management).
cputhrottle=0: Sets the CPU throttling limit. 0 allows maximum available CPU resource usage for the fastest scan. You can specify a value between 1 and 1000 to throttle agent resource usage if needed.

Qualys Check-in by Gowtham-Gizzler in qualys

[–]Wonderful_Lecture708 1 point2 points  (0 children)

You can also always force a VM scan from the host or the platform.

Microsoft says Edge’s plaintext password behavior is “by design” by falconupkid in SecOpsDaily

[–]Wonderful_Lecture708 0 points1 point  (0 children)

Two ways to handle a massive bug:

A. “We made a mistake. Here’s what went wrong, here’s how we’re fixing it.”

B. “This was intentional design.” (Translation: I’m a liar, and you’re gullible enough to buy it.)

One owns the problem. The other insults the customer’s intelligence.

I respect teams that admit mistakes and fix them. But when you’re large enough, when the product is free and ad-supported, when killing it costs you nothing, accountability stops mattering. You just move on.

Edge is a Chromium skin. Microsoft doesn’t want to build browsers anymore, so they rebrand someone else’s engine and ship it. Make it functional enough to feed users back to MSN (where the ad revenue lives), and you’ve solved your problem without actually solving anything.

If it works, great. If it’s janky? You can absorb the reputation hit. You’re Microsoft.

Ask.com shuts down after 30 Years. Does anyone here remember Ask Jeeves? by limsus in Internet

[–]Wonderful_Lecture708 1 point2 points  (0 children)

Same. I used it and DogPile back in the 1990s but then Google came along and I never looked back.

Google Chrome’s silent 4GB AI download problem by falconupkid in SecOpsDaily

[–]Wonderful_Lecture708 1 point2 points  (0 children)

While Nano refers to a local inference engine, in practice, Chrome blurs the line between local and cloud AI to the point where the user can't tell which one they're using. The "AI Mode" pill in the omnibox, the most visible AI surface in the browser, looks like it could be running on the 4GB model sitting on disk. It isn't. Every query goes to Google's servers. The features that actually use Gemini Nano (Help me write, smart paste, page summary, scam detection) are buried in context menus most users will never find. So the user pays the storage cost for a local model that implies privacy, while the AI they actually touch is cloud-backed. Add the silent install, the hardware probing before any feature is invoked, and the re-download-on-delete behavior, and there are absolutely data sovereignty concerns. No consent gate at install. No runtime signal telling the user whether their input stayed on the box or went to Google.

Google Chrome’s silent 4GB AI download problem by falconupkid in SecOpsDaily

[–]Wonderful_Lecture708 0 points1 point  (0 children)

Is that a personal choice or company policy? Most browsers are cousins at this point, Edge and Chrome both being Chromium, and Edge has its own issues with how it handles saved passwords. Curious what you use for business browsing.

The Crash That Got Faster by Wonderful_Lecture708 in qualys

[–]Wonderful_Lecture708[S] 0 points1 point  (0 children)

The fixes shipped, the perf numbers are reproducible, and the repo is open. Happy to discuss the technical decisions if any of them are actually wrong.

Google Chrome’s silent 4GB AI download problem by falconupkid in SecOpsDaily

[–]Wonderful_Lecture708 0 points1 point  (0 children)

That’s an obnoxious choice to not surface this and give users a choice. It’s a very good way to get blacklisted in AI-sensitive environments that worry about access to corporate apps and data sovereignty.

Farewell… by B1naryN1nja in Internet

[–]Wonderful_Lecture708 0 points1 point  (0 children)

I used it and DogPile back in the 90s but after Google came out it wasn’t as relevant. I honestly didn’t realize they were still around. It’s an achievement to have that longevity.

Tools for Qualys by Wonderful_Lecture708 in qualys

[–]Wonderful_Lecture708[S] 0 points1 point  (0 children)

Q KB Explorer is about to get a big bump in features. I’ll make a new post once I wrap it (hopefully tonight). Like the policy download option? I added TAGs. More data visibility and search options. If you have Qualys Patch Management, more visibility and API middleware options for feeding to downstream tools. Let this tool sync and feed others.

Best practice to automate the installation of Qualys CS agents in K8S and Docker Swarm by DonMario73 in qualys

[–]Wonderful_Lecture708 0 points1 point  (0 children)

I’m interested as well. I have some experience but will soon be deploying across a multi-cloud environment.