Configure Report Templates (2024)

It's easy to use an existing template. Just go to Reports > Templates and:

1) edit the template you'd like to use - Patch Report, Scorecard Report, High Severity Report, Executive Report, etc.

2) we recommend you save a copy (click Save As), and

3) configure the report template settings.

Looking for more report templates to choose from?

You can check out our templates library where we publish templates commonly requested by our customers. Just go to Reports > Template > Import from Library and download as many as you'd like. You can configure these templates to suit your reporting goals.

Host Based Findings

We recommend Host Based Findings since it encompasses the latest vulnerability data from all of your scans. Each time you create a report, we'll automatically collect vulnerability data that we've indexed per host in your account - we refer to this as host based findings. This option gives you the most comprehensive and up to date picture of your vulnerability status.


  • When you generate a Host-based scan report for Asset Groups with the "ALL" option, the report shows only those assets that are added to VM. If you want to view the assets that are not in VM, add the asset tags associated with the assets to the Asset Tags filter using the Add Tag option when you generate the report. For example, to view agent-tracked assets that are not in VM, add the agent tag for these assets to the Asset Tags filter using the Add Tag option.

  • While configuring a host-based report template based on an asset group with its associated asset tags, if you choose to exclude certain asset tags from the report, any host assets that are part of both the included and excluded asset tags do not get reported in the host based report. The report displays only the host asset details.


    Host A is part of Asset Group AG1. Host A is also part of Asset Tags (associated with asset group AG1) AT1, AT2, AT3. You generate a host based scan report based on the following settings in the report template:

    In this case, the host based report displays the Host A asset details only. It shows the asset details for Host A because Host A belongs to Asset Group AG1. However, the report omits the associated tag details because Host A is linked to both an included tag (AT1) and an excluded tag (AT2). Therefore, the Qualys system invalidates the tags associated with Host A and does not display any asset tag information.

You can create reports with trending information when you've selected Host Based Findings. If you use the default we'll include vulnerability information for the last 2 detections. In other words we'll analyze the last two detections for each vulnerability on each host and compare the current vulnerability status (New, Fixed, Re-Opened, Active) to the last known vulnerability status.

Do you want to analyze trends for a timeframe instead?

Just choose the date range you're interested in - starting on a specific date - and we'll analyze the vulnerability status for your timeframe. In case the Last detected date or the Last fixed date of the vulnerability occurs during the specified timeframe, the vulnerability data is included in the Trending scan template based report. Currently, the Last fixed date field can be viewed only in the CSV output of the report.

Only include scan results from the specified timeframe

Select this option to ensure that only vulnerability information gathered in the timeframe that you've specified is included in the report. If you do not select this option, vulnerability information for hosts that were last scanned prior to the report timeframe may be included. For example, let's say you want to create a report analyzing data for the past 4 weeks. Host A was scanned 5 weeks ago, and has not been scanned since then because it was firewalled and unreachable. By selecting this option you'll exclude Host A from the report and only analyze vulnerability information detected in the past 4 weeks. By clearing this option you'll include Host A in your report with the last known vulnerability information from 5 weeks ago.

Display options

On the Display tab, select how much information to include in the report, in both the summary and detailed results sections. You can choose to include report graphics, add custom text to the report footer, determine how the detailed results should be sorted and how much detail to include for each vulnerability.

What is the text summary?

The text summary includes the total number of vulnerabilities detected, the overall security risk, and the business risk (for reports sorted by asset group). The following tables also appear: total vulnerabilities by status, total vulnerabilities by severity, and top 5 vulnerability categories detected. Note that this option is not available in reports set to Manual scan results selection.

Tell me about the vulnerability details

Threat. A description of the threat.

Impact. Possible consequences that may occur if the vulnerability is exploited.

Solution: Patches and Workarounds. A verified solution to remedy the issue, such as a link to the vendor's patch, Web site, or a workaround.

Solution: Virtual Patches and Mitigating Controls. Virtual patch information that is correlated with the vulnerability, when this information is available in the KnowledgeBase. The service correlates virtual patch information obtained from Trend Micro real-time feeds.

Exploitability. Exploitability information that is correlated with this vulnerability, when this information is available in the KnowledgeBase. The service constantly correlates exploitability information from real-time feeds to provide up to date references to exploits and related security resources.

Associated Malware. Malware information that is correlated with this vulnerability, when this information is available in the KnowledgeBase. The service constantly correlates malware information obtained from Trend Micro Threat Encyclopedia real-time feeds to provide up to date references to malware threats and related security resources.

Results. Specific scan test results for each host. Also included: the date the vulnerability was first detected on the host, the date it was last detected on the host, and the total number of times it was detected on the host.

Reopened. The date/time a vulnerability was first reopened, last reopened, and the number of times it was reopened. A vulnerability is reopened when it was verified as fixed by the previous scan and is detected by a new scan.

Tell me about TruRisk details (ARS, ACS, QDS)

This option is only visible in subscriptions with the Asset Risk Scoring feature enabled.

Select TruRisk Details (ARS, ACS, QDS) on the Display tab to show Qualys TruRisk scores in your report to help you prioritize vulnerabilities, including Asset Risk Score (ARS), Asset Criticality Score (ACS) and Qualys Detection Score (QDS).


- This option is supported in reports with Host Based Findings.

- To see ARS and ACS in the report, you must also select Text Summary because these scores appear at the summary level for each host.

- To see QDS in the report, you must also select Vulnerability Details and at least one vulnerability detail like Threat because this score appears when you expand vulnerability details.

- When detailed results are sorted by Host and TruRisk Details are included, then you'll see scores in all report formats: CSV, XML, HTML, DOCX, PDF and MHT.

- When detailed results are sorted by some other method (e.g. vulnerability, operating system, asset group, etc) and TruRisk Details are included, then you'll only see scores in CSV and XML report formats.

Tell me about the custom footer

This is a spot where you can add required information like a disclosure statement or data classification (e.g. Public, Confidential). The footer text you enter will appear on the last page of reports generated from this template, except reports in XML and CSV formats.

Note - You can work with your Technical Account Manager or Qualys Support to have a custom header, footer and logo added to every page of Host Based Scan Reports in PDF format. This is a subscription level setting. See Custom Header, Footer, Logo for Host Based Scan Reports in PDF to learn more.

Display information for cloud instances

In the Display Cloud Related Information section on the Display tab of the Scan Report Template:

- Select the "Cloud Provider Metadata" check box to include in your report general fields that apply to all cloud providers, including AWS, Azure, GCP, and providers supported in the future.

- Select the "Legacy EC2/Azure fields" check box to include cloud provider-specific metadata fields originally introduced for AWS and Azure.

Azure metadata information: public IP address, image offer, image version, subnet, VM state, private IP address, size, subscription ID, location, and resource group name

EC2 metadata information: public and private DNS name, image ID, VPC ID, instance state, instance type, account ID, region code and subnet ID

GCP metadata information: public IP address, VM instance ID, private IP address, VPC network, machine state, machine type, zone, hostname, and MAC address

Refer to the Qualys API (VM, PC) User Guide (sections: Cloud Asset Metadata Fields in CSV Format and Cloud Asset Metadata Fields in XML Format) to see which tags will appear in your scan report.

Display Qualys system IDs

Select the "Qualys System IDs" check box (under Display Host Details) to include host identifiers such as host ID and asset ID in the host-based scan report template. Once you launch or download the host-based scan report, the host ID and asset ID information is displayed in the report.

Configuring "required" and "unauthorized" services and ports

It's possible to flag specific services and ports as either "required" or "unauthorized". When a service or port flagged as "required" is not detected, or one flagged as "unauthorized" is detected, it appears as a vulnerability in the report under one of these QIDs:

- 38175 (Unauthorized Service Detected)
- 82043 (Unauthorized Open Port Detected)
- 38228 (Required Service Not Detected)
- 82051 (Required Port Not Detected)

Tip - Want your report to include certain QIDs? Select Custom for Selective Vulnerability Scanning in the Filters section of your report template and be sure to add these QIDs (in search lists).
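
The following is an added illustration, not Qualys code, of how the four QIDs listed above relate to the two flags: unauthorized items are reported when they are detected, and required items when they are not, as the QID titles indicate. The `Policy` structure, the `evaluate` function and the sample scan observations are assumptions constructed for this example.

```python
# Illustrative model only: maps "required"/"unauthorized" flags to the four
# QIDs listed above. Names and data structures are assumptions, not a Qualys API.
from dataclasses import dataclass, field

QIDS = {
    ("service", "unauthorized"): (38175, "Unauthorized Service Detected"),
    ("port", "unauthorized"): (82043, "Unauthorized Open Port Detected"),
    ("service", "required"): (38228, "Required Service Not Detected"),
    ("port", "required"): (82051, "Required Port Not Detected"),
}

@dataclass
class Policy:
    required_services: set = field(default_factory=set)
    unauthorized_services: set = field(default_factory=set)
    required_ports: set = field(default_factory=set)
    unauthorized_ports: set = field(default_factory=set)

def evaluate(policy, detected_services, detected_ports):
    """Return sorted (qid, title, item) findings for one host."""
    checks = [
        # Unauthorized items are findings when they ARE detected.
        ("service", "unauthorized", policy.unauthorized_services & detected_services),
        ("port", "unauthorized", policy.unauthorized_ports & detected_ports),
        # Required items are findings when they are NOT detected.
        ("service", "required", policy.required_services - detected_services),
        ("port", "required", policy.required_ports - detected_ports),
    ]
    findings = []
    for kind, flag, items in checks:
        qid, title = QIDS[(kind, flag)]
        findings.extend((qid, title, str(item)) for item in sorted(items))
    return sorted(findings)

# Constructed sample: template flags and what a scan observed on one host.
POLICY = Policy(
    required_services={"ssh"},
    unauthorized_services={"telnet", "ftp"},
    required_ports={22, 443},
    unauthorized_ports={23, 3389},
)
SAMPLE_SERVICES = {"ssh", "telnet", "http"}
SAMPLE_PORTS = {22, 23, 80}

if __name__ == "__main__":
    for qid, title, item in evaluate(POLICY, SAMPLE_SERVICES, SAMPLE_PORTS):
        print(f"QID {qid} {title}: {item}")
```

Items that are flagged but produce no finding (here `ftp` and port 3389, which are unauthorized and absent) are the expected quiet case.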


Author: Reed Wilderman
