qualys_scanning

Explanation

The qualys_scanning NDM monitors your network for Qualys scanning activity. It identifies when Qualys attempts to scan a target host or network to determine the vulnerabilities present on that system.

What to Look For

To examine the results of the qualys_scanning event, look for any Qualys scanning activity on your network, including the IP addresses or hostnames performing the scans and the types of scans being performed. Check endpoint activity logs to determine whether the scanning activity is coming from an authorized source. If unauthorized scanning activity is detected, take immediate action to block and remediate the affected systems to prevent further security incidents.
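
One way to carry out the authorized-source check described above, as an added example that is not part of the original page. The approved scanner ranges and the event field names (src, dst, dport) are assumptions, and the sample events are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumption: CIDR ranges of the scanner appliances your organisation has
# approved. These are documentation ranges (RFC 5737), not real Qualys addresses.
AUTHORIZED_SCANNERS = ["192.0.2.0/28", "198.51.100.10/32"]

# Constructed sample events; the field names are hypothetical.
SAMPLE_EVENTS = [
    {"src": "192.0.2.5", "dst": "10.0.0.11", "dport": 443},
    {"src": "192.0.2.5", "dst": "10.0.0.12", "dport": 22},
    {"src": "203.0.113.77", "dst": "10.0.0.11", "dport": 443},
    {"src": "203.0.113.77", "dst": "10.0.0.11", "dport": 3389},
    {"src": "203.0.113.77", "dst": "10.0.0.40", "dport": 445},
    {"src": "not-an-ip", "dst": "10.0.0.11", "dport": 80},
]

def triage(events, authorized_cidrs):
    """Group scan events by source and flag sources outside the approved ranges."""
    nets = [ipaddress.ip_network(c) for c in authorized_cidrs]
    by_src = defaultdict(lambda: {"targets": set(), "ports": set()})
    for ev in events:
        by_src[ev["src"]]["targets"].add(ev["dst"])
        by_src[ev["src"]]["ports"].add(ev["dport"])
    report = {}
    for src, seen in by_src.items():
        try:
            addr = ipaddress.ip_address(src)
            status = "authorized" if any(addr in n for n in nets) else "unauthorized"
        except ValueError:
            # Unparseable source: never treat as authorized, send to an analyst.
            status = "review"
        report[src] = {
            "status": status,
            "targets": sorted(seen["targets"]),
            "ports": sorted(seen["ports"]),
        }
    return report

if __name__ == "__main__":
    for src, info in triage(SAMPLE_EVENTS, AUTHORIZED_SCANNERS).items():
        print(f"{src:15} {info['status']:12} targets={info['targets']} ports={info['ports']}")
```

The per-source target and port lists show how much of the network each unapproved source touched, which helps scope the follow-up in endpoint logs.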

Qualys, Inc. is an American corporation that provides cloud-based security and compliance solutions to organizations worldwide. Founded in 1999, the company specializes in offering vulnerability management, policy compliance, web application scanning, malware detection, and other related services. The company's flagship product is the Qualys Cloud Platform, which integrates a range of security and compliance tools, enabling organizations to assess, manage, and improve their security posture.

Qualys' solutions are designed to help businesses identify and fix vulnerabilities, comply with industry regulations, and protect their assets from cyber threats. The company serves customers across various industries, including government, financial services, retail, healthcare, and technology sectors.

Related MITRE ATT&CK Categories

Network Service Discovery, Technique T1046 - Enterprise
Active Scanning, Technique T1595 - Enterprise