How to run scan reports against Microsoft's monthly OS-level and application patches dynamically in Qualys…
Hello Everyone
I hope you are well.
In this story we work out the best way to fetch vulnerability reports against Microsoft's monthly patches from the tools below.
Tools: Qualys, Rapid7
The features below help us extract exact vulnerability reports for a specific month's patches, released fixes, or vulnerabilities.
To fetch a report from Qualys VMDR against the monthly patches, follow the path below:
- VM/VMDR → Report module → Search list
- VM/VMDR → Report module → Template
- VM/VMDR → Report module → New → Template based
- Format → CSV → Asset Tag or Group → Run
Search list:
- Requirement: reduce the time and manual effort spent on report sanitization.
- Give the search list a name, like “Microsoft Patches Jul’23”.
- This helps us create a batch of vulnerabilities for which we are going to fetch the report over Microsoft assets.
- The best option here is to create a dynamic search list, which I always prefer.
- Whatever filters we use to create a search list, in the backend they are connected to the Qualys vulnerability database, or KnowledgeBase.
- The search list has many filters; here I will cover only the ones required for our scenario.
- Filters: Title, Vendor Description, Category.
- Qualys vulnerability title examples for Microsoft monthly releases:
- Example 1 → Title: Microsoft Windows security update for July 2023
- Example 2 → Title: Microsoft Windows .Net security update for July 2023
- Example 3 → Title: Microsoft Windows .Net Framework security update for July 2023
- If you analyze the above examples, they all contain the same string: “July 2023”.
- In the Title filter, we are going to enter July 2023.
- The next filter is Vendor Description, which here is “Microsoft”.
- The third filter, Category, separates operating-system-level vulnerabilities from application vulnerabilities such as Exchange, SharePoint, and SQL.
- For OS-level vulnerabilities, set the Category condition to exclude the application categories: Category is not mail services, Database, etc.
- For application vulnerabilities, set the Category condition to include them: Category is mail services and databases.
Template:
- Here, we are going to leverage the “Filter” option inside the template.
- Inside Template → Filter → Selective vulnerability reporting → Custom → Add your created Search List “Microsoft Patches Jul’23” → Save
- Run this template over your selected assets by tag and group.
- Now you will get the exact vulnerability report.
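The search list criteria and the template's selective reporting can be modelled locally to check what a Title / Vendor / Category combination will pull in. This is an added Python example, not Qualys code or part of the original story; the KnowledgeBase entries, QIDs, asset names, and the "Windows" and "Local" category labels are constructed assumptions.

```python
# Added illustration: a local model of the dynamic search list criteria
# (Title, Vendor, Category) and of a template restricted to that list.
# All records below are constructed sample data, not Qualys output.
from dataclasses import dataclass

APP_CATEGORIES = {"Mail services", "Database"}  # application side, per the article

@dataclass(frozen=True)
class KbEntry:
    qid: int
    title: str
    vendor: str
    category: str

def search_list(kb, title_contains, vendor, app_level):
    """Re-evaluate the criteria against the KnowledgeBase; return matching QIDs."""
    needle = title_contains.casefold()
    return {
        e.qid for e in kb
        if needle in e.title.casefold()
        and e.vendor.casefold() == vendor.casefold()
        and (e.category in APP_CATEGORIES) == app_level
    }

def selective_report(detections, qids):
    """Keep only (asset, qid) detections whose QID is in the search list."""
    return sorted((a, q) for a, q in detections if q in qids)

KB = [  # constructed entries; QIDs are placeholders
    KbEntry(900001, "Microsoft Windows security update for July 2023", "Microsoft", "Windows"),
    KbEntry(900002, "Microsoft Windows .Net Framework security update for July 2023", "Microsoft", "Windows"),
    KbEntry(900003, "Microsoft Exchange Server security update for July 2023", "Microsoft", "Mail services"),
    KbEntry(900004, "Microsoft SQL Server security update for July 2023", "Microsoft", "Database"),
    KbEntry(900005, "Microsoft Windows security update for June 2023", "Microsoft", "Windows"),
    KbEntry(900006, "Example vendor security update for July 2023", "ExampleVendor", "Local"),
]
DETECTIONS = [  # constructed (asset, QID) scan findings
    ("srv-01", 900001), ("srv-01", 900005), ("mail-01", 900003),
    ("db-01", 900004), ("srv-02", 900006),
]

def os_report():
    return selective_report(DETECTIONS, search_list(KB, "July 2023", "Microsoft", app_level=False))

def app_report():
    return selective_report(DETECTIONS, search_list(KB, "July 2023", "Microsoft", app_level=True))

if __name__ == "__main__":
    print("OS:", os_report())
    print("Applications:", app_report())
```

Because the list is rebuilt from the criteria on every call, a KnowledgeBase entry added later with a matching title is picked up without editing the list, which is the reason to prefer a dynamic search list over a static one.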
If you want to know how to create the best template for Microsoft's monthly patches, leave a comment in the comment section and I will be back with another story on the vulnerability template.
Thank you for listening to me this far. If you have another scenario, I would like to hear it and work with you.
I will meet you in the next part, about how we can implement the same in Rapid7.