Vulnerability Detection Pipeline

Robert Dell'Immagine

Last updated on: December 21, 2022

Update February 3, 2021: The Vulnerability Detection Pipeline is now GA (generally available). Results include a “last updated” timestamp.

Update October 22, 2020: The Vulnerability Detection Pipeline has been updated to include detections of all severities. It now gives visibility into upcoming and recently published detections with severity 3, 2 and 1 in addition to severity 5 and 4.

The pipeline also supports a URL parameter that identifies a specific CVE, e.g. https://community.qualys.com/vulnerability-detection-pipeline/#CVE-2020-15999. This is helpful if you want to share a specific entry with a colleague. The parameter must be in standard CVE format.

If a search on the pipeline returns zero results, the pipeline now displays a link to instructions for requesting a new QID.

Original Post: The new Vulnerability Detection Pipeline, now in beta on Qualys Community, gives you visibility into upcoming and recently published vulnerability signatures (QIDs). Now you can track the development status of vulnerability signatures for recent high-priority vulnerabilities, to help you stay on top of the latest threats.

The new service shows which severity 4 or 5 vulnerabilities are currently being investigated by the Qualys vulnerability signatures team, which detections are being developed and will be available soon in the KnowledgeBase, and which ones have been published within the last two weeks.

To help you find what you are looking for, you can browse the full list of detections, filter by detection status, perform full-text search of the signature details including by CVE number, and sort the detections by title and severity.

Detection Status

  •  Under investigation: We are researching a detection and will publish one if it is feasible.
  •  In development: We are coding a detection and will typically publish it within a few days.
  •  Recently published: We have published the detection on the date indicated, and it will typically be available in the KnowledgeBase on shared platforms within a day.

Using the Detections Pipeline

Anyone can view the Vulnerability Detection Pipeline.

Qualys customers have access to tens of thousands of published detections across hundreds of applications and operating systems, updated many times per week, in the Qualys KnowledgeBase in their subscription.

Non-customers can audit their network for all published vulnerabilities by signing up for a Qualys Free Trial or Qualys Community Edition.

What’s Next

We are currently investigating new features to make the vulnerability detection pipeline more useful to our customers, for example:

  • subscribe to get notified when new detections are published.
  • request detections that are not available or in the pipeline already.

Let us know any other use cases you would like to see addressed, and provide your feedback on the current service. Please either contact your TAM or share your pipeline improvement suggestions with the community.

Show Comments (1)

Comments

Your email address will not be published. Required fields are marked *

  1. Hi,

    Nice feature.
    Please have categorisation option for new signature notification. Like windows vulnerabilities, Unix, may be little more granular like the version.. etc.