We use continuous monitoring to schedule scans for all the applications in our organization. We create a parent tag and sub-tags for each application and schedule scans based on our requirements, such as every alternate day, weekly, or monthly. This helps us identify vulnerabilities in the web applications, especially those that are public-facing.

Since implementing Qualys, we have seen a reduction in the time required to scan applications, as it automates the process. This efficiency is one of the key improvements we have noticed. Additionally, the tool is effective compared to others, particularly for automated scans.

In Qualys VMDR, there are multiple valuable features such as Continuous Monitoring, SFU Connector, and WebVPN. Continuous monitoring is a crucial feature that we use more frequently.

There are scenarios where a vulnerability is reported once yet not in subsequent scans, even if we have not fixed it. Sometimes, Qualys is unable to crawl certain URLs due to unspecified issues. Additionally, the report download option occasionally has problems.

I have been using Qualys for two years.

I would rate the stability as nine out of ten, indicating no significant issues with stability.

The scalability of Qualys is rated as eight to nine out of ten, and there are no problems with scalability.

The customer support system could be improved. While they respond, it takes them two to three days to address a concern, which is an issue. Overall, I would rate customer service as five or six.

Neutral

The setup process was not within my involvement, as it was part of the project I had joined and it was already set up.

I recommend Qualys VMDR as it effectively reduces the time required for vulnerability management and operates well with fewer people.

I'd rate the solution seven out of ten.

We use Qualys VMDR for vulnerability management and operations, such as scanning assets to identify vulnerabilities and updating the reports for different teams.

We identified and resolved many vulnerabilities by using Qualys VMDR. It has been helpful in detecting externally facing asset vulnerabilities and coordinating patching or remediation with different teams.

I find the scans portion of VMDR to be valuable. Authenticated scans provide different options, including those using or not using the FactSet and adding option profiles. Another good feature is the Knowledge Base, which provides detailed information on vulnerabilities, period scores, solutions, issues, and mitigation.

I'd suggest improvements in asset management. It would be helpful to have features for better tracking, including options for adding relevant owners or supporting groups for each asset.

I have been using Qualys VMDR for about three years.

The solution is stable. I would rate it eight out of ten.

Scalability is rated at 7.5 out of ten.

When you raise a report, it will be generated in VMDR and shared with the respective team. Depending on client requests, reports can be in PDF or Excel format.

Positive

I did not use any previous vulnerability solutions; I started directly with Qualys.

The setup for Qualys VMDR is easy since it's a cloud tool. Access is provided through different inboxes, and deployment is straightforward.

I am not aware of the actual cost or pricing as it is managed by the client.

Compared to other solutions like Nexus, Qualys provides more options and is a better tool.

I recommend using Qualys as it offers many valuable features and options. It is better compared to solutions like Nexus.

I'd rate the solution nine out of ten.

I am working for an IT firm where I use Qualys VMDR for my clients. I specifically use it for vulnerability detection and vulnerability remediation as part of our vulnerability assessment team. We scan all the assets for vulnerabilities, both servers and client-side, and then share the vulnerability reports with the relevant teams for remediation planning.

The continuous scanning for vulnerabilities, especially the notifications for zero-day vulnerabilities, greatly aids in keeping our systems secure. The accurate vulnerability assessments and the remediation plans they provide enhance our workflow and effectiveness in vulnerability management.

The most valuable feature is the vulnerability assessment. Qualys VMDR is precise in its assessments and categorizes vulnerabilities by severity from one to five. Additionally, they provide detailed reports and possible remediation steps, such as updating from Java version 3.4 to a more secure version.

Qualys VMDR could improve in reducing the occurrences of false positive vulnerabilities. Enhancing this aspect would make the tool even more effective.

I have been using Qualys VMDR for two years.

There are no issues with stability. They notify us of any scheduled downtime a week in advance, usually planning it for weekends to avoid disrupting business operations.

Qualys VMDR handles scalability very well. It offers extensive features and facilities to create groups for assets or servers, making it easy to add new environments or data centers for scanning.

I have heard that their technical support team is very responsive and takes quick action when needed. However, I have never interacted with them personally.

Positive

We have used ZixSense, also known as Ivanti Neurons. ZixSense is more user-friendly than Qualys, however, the latter provides more comprehensive and accurate vulnerability assessments.

The initial setup of Qualys VMDR was easy. We just had to open the Qualys tool, add the IP addresses of the respective servers or hostnames, and start scanning. Access to vulnerability assessment is only provided via IP addresses, not hostnames.

Any changes or maintenance required are managed by the Qualys team following change requests from our upper management.

New users should complete two training programs from the Qualys training center: Qualys Foundation and Qualys VMDR. These certifications provide the necessary knowledge to set up and use Qualys effectively. Qualys also provides a demo trial account for new users.

I'd rate the solution nine out of ten.

We use Qualys VMDR to scan our public websites and products, anywhere that is publicly available. We deploy it through Qualys's cloud scanner.

Qualys VMDR provides us with a quick response to threat findings through regular scheduled scanning, which improves our security operations. It also offers an impressive knowledge base for quick research results and coverage of all vulnerabilities.

The knowledge base is the most impressive feature because it provides quick research results and coverage of all vulnerabilities. Additionally, the real-time threat detection feature provides quick responses to threat findings.

Qualys VMDR should improve authenticated scanning capabilities. It currently only allows basic authorization tokens and preset parameters. In contrast, Burp's in-built browser works more like a proxy, which makes security testing easier and more accurate. Pricing is also an issue; it's high enough to deter mid-sized to small companies. Moreover, the technical support is slow and tends to just reference documentation rather than providing real technical assistance.

I have been using it personally for five years, while my company has been using it for three years.

The technical support is slow to respond. Most likely, they just provide reference links for documentation instead of offering in-depth technical guidance. This level of support doesn't compare well to others like Cisco, Juniper, or Avaya, which offer more hands-on assistance.

Neutral

This goes beyond my scope of responsibilities and is managed by my superior.

The pricing for Qualys products is too high, and the licensing model involves paying for the whole bundle, which may not be affordable for mid-sized to small companies.

We are currently looking for alternatives to Qualys by researching competitor products on the market.

For midsize to small-size companies, Qualys might not be the best choice if you don't have enough funding for security due to its high pricing. Qualys VMDR is still recommended for comprehensive vulnerability management but be prepared for slow technical support.

I'd rate the solution nine out of ten.

The primary focus of this solution is to identify and detect vulnerabilities in real time and use that information to patch them using Qualys VMDR task management module. We have a variety of devices within our network, including network devices, firewalls, vCenters, VMs, web applications, and endpoints. We deploy cloud agents on workstations and servers where possible, and we scan network devices using a virtual scanner where we cannot deploy the cloud agent. Additionally, we perform web application scanning for our web apps. We also use the tool to manage our cloud security and container security.

With the help of Qualys VMDR, we were able to get real-time knowledge base updates from Qualys and perform scans on all devices to identify vulnerable devices. This allowed us to plan the next course of action for mitigating vulnerabilities. For example, during the zero-day events, such as the Log4j vulnerability, we received critical real-time information from Qualys, enabling us to identify and plan for mitigation while the rest of the world was still struggling. This capability has tremendously helped us maintain the cybersecurity posture within our organization.

The most valuable features of Qualys VMDR include CSAM, Qualys Gateway Service, Web Application Scanning, patch management and the use of virtual scanners to scan appliances and devices, especially those provided by vendors. 

The ability to run a map scan and identify all assets within our network is extremely beneficial for medium to large organizations. Real-time asset discovery and patch management have also been vital features for us.

One area for improvement is the simplification of the process to ignore certain vulnerabilities on specific devices. Currently, the process is quite long, requiring the creation of separate knowledge bases and lists. Simplifying this to one or two clicks would be beneficial. Additionally, enhancing patch management to support third-party tools and simplifying the creation of patch jobs would greatly improve usability. Improving the interconnection between multiple modules would also be helpful, making navigation and operations more straightforward.

I have been using Qualys VMDR for more than two - three years now.

I would rate the stability of Qualys VMDR as eight. It is a stable solution with minimal issues.

The scalability of Qualys VMDR is good. If we add additional resources, the tool can scale efficiently, ingesting new data seamlessly. Qualys has auto-scaling enabled for their cloud platform, which ensures performance remains high, even with increased resources.

Technical support from Qualys needs some improvement. There are instances where Level 2 support is not able to assist, requiring escalation, which can take time. Overall, basic troubleshooting and issue resolution are straightforward.

Neutral

I have worked with other vulnerability management solutions prior to Qualys. In my current organization, we selected Qualys after a POC. Other tools have not evolved well as Qualys has over the years, making Qualys the preferred solution.

The initial setup of Qualys VMDR is straightforward. The setup's complexity depends on the organization’s size and collaboration with various teams. For organizations with a clear device inventory, the deployment can be completed within a month.

In-house

We evaluated other tools available in the market during our POC process yet found Qualys to be the best solution.

I would recommend Qualys VMDR to other users if they want a comprehensive solution for real-time vulnerability detection and mitigation. The tool is easy to implement, backed by a reliable knowledge base, and offers quick updates during zero-day events. While there are areas for improvement, such as simplifications in handling certain features, the overall solution is robust and effective.

I'd rate the solution eight out of ten.

Qualys VMDR is used as a vulnerability management tool. We have more than a thousand users in our company, and we have integrated Qualys with their machines to help update software and measure known or unknown risks, prioritize them, and patch the devices. We monitor and mitigate alerts, and we find vulnerabilities in specific machines or systems, which we then address.

Before implementing Qualys, we used third-party companies to conduct vulnerability audits and paid them separately for mitigation. With Qualys, we now conduct our vulnerability management and mitigation internally, saving both time and money since we can monitor every system and threat without requiring manual processes or third-party involvement. This has resulted in significant ROI and reduced the risk of breaches.

The best features of Qualys VMDR are its patch management capabilities and the ability to mitigate vulnerabilities automatically. The report export feature allows us to see how many incidents have been mitigated and which ones still need attention. The compliance dashboard helps us track and fix threats efficiently, ensuring all machines comply with security standards.

The user interface (UI) is quite complicated. Initial-stage engineers or analysts might miss something due to the complexity. Also, for hybrid users, the agent might get disconnected, requiring users to revisit the office to reinstall the agent. Additionally, the reports could be more interactive.

I have had five years of experience with cybersecurity platforms and have been using Qualys VMDR for that duration.

I would rate the stability of the solution nine out of ten. It is a robust platform that provides consistent performance.

For scalability, I would rate it nine or 9.5 out of ten. The cloud-based architecture allows us to deploy it across multiple locations seamlessly.

The technical support provided by Qualys is good. Queries are responded to promptly, and if needed, we can contact the TAM or any POCs directly. I would rate their support nine out of ten.

Positive

Before using Qualys, we used a third-party solution for vulnerability audits and mitigations. However, we switched to Qualys because it allows us to handle everything internally, avoiding the need for additional external services.

The initial setup is agent-based and straightforward, especially if you have necessary tools like Active Directory. Given the cloud-based nature of Qualys, deployment can be completed within a day with appropriate resources.

We have seen a significant ROI with Qualys, which is estimated to be around twenty to thirty percent. It has saved a lot of time and money by allowing us to mitigate issues without user interaction and preventing breaches.

Compared to Tenable, Qualys is quite expensive. However, its performance justifies the cost, making it a worthwhile investment.

We also use Tenable Solutions for vulnerability management. However, Tenable requires manual processes for mitigation, whereas Qualys allows for automated mitigation of vulnerabilities and threats.

I would definitely recommend Qualys to other users. Depending on the number of users and specific needs, Qualys is a good vulnerability management product that offers efficient solutions. I'd rate the solution nine out of ten.

We have multiple modules, including Qualys VMDR solution and Qualys TotalCloud solution. We use them in our organization, like VMDR, for vulnerability management, detection, and response, as well as policy compliance to amend policies according to CIA benchmarks and other frameworks. 

We also use the web application module and the Qualys Gateway module to ensure that scanner appliances are functioning properly. These modules allow us to check various scenarios and initiate scans, either on-demand or as per a scheduled plan.

My primary work is with VMDR module. In my previous organization, I worked with TotalCloud, but right now, I am focused only on VMDR and other modules.

Sometimes, we receive CVIDs from customers who require vulnerability scans, but they are not available in the Qualys knowledge base. This makes it complicated because we need to contact Qualys to add the required QID and CVID to their knowledge base and provide the corresponding vulnerability criteria. It affects our business since, without that information, we can't identify or notify our teams about the vulnerabilities.

Compared to other tools, VMDR provides a clearer view and is easy to understand. It's also highly customizable, allowing us to tailor it to our needs. I find it to be better than tools like Belwix, Rapid7, and Tenable.

For asset management, there's a feature that tracks unused machines and purging mechansim. It informs us if a machine hasn’t been used for 180 days, or if it’s been idle for 368 days, allowing us to segregate the data. This reduces our active vulnerability count, which improves tracking and helps us provide more accurate information to customers. It gives more active grip on the information.

With continuous monitoring, we can customize dashboards according to customer needs. Whether they require reports on a daily, weekly, or quarterly basis, we can set up the dashboard to display the relevant data. It's essential to understand their requirements and adjust the Qualys Query Language (QQL) accordingly. A solid grasp of QQL is a plus when working with Qualys.

Sometimes, it can take more time than other tools to resolve certain issues. For example, if there's a problem with policy compliance, you might not get an immediate solution from Qualys' technical team. 

Occasionally, customers ask for RCA (Root Cause Analysis), and if Qualys doesn't provide it, we can't give a clear answer. This can be frustrating, but it doesn't happen in every case.

In terms of improvement for the web application console, in the older version, things were more segregated and presented in a brief format. However, in the latest version, you have to write a query to retrieve the kind of data you want. Sometimes, if you write the wrong query, you don't get the proper count or the right data, such as how many days a scan has been failing. This can be an issue if you're not familiar with the query language. So, they should offer an optional feature where, if someone isn't familiar with the query language, they can use tab buttons or other features to enable or disable options and get the correct data and information on time.

Qualys VMDR should enhance the EDR (Endpoint Detection and Response) part because there's a lack of information and features in Qualys EDR. Sometimes, organizations have to buy different EDR tools, like Carbon Black and others, to cover the gap.

From a learning perspective, Qualys VMDR needs to improve. Right now, they only provide information, but they don't offer any library or testing environment. Often, customers don't allow changes to be made in the live environment, and I don’t think it’s a good idea to make any changes directly there. It would be great if they could provide a lab environment for testing. That would be really useful.

Qualys is updating certain product modules. Sometimes, they need to provide clearer deadlines. Customers aren't always informed when Qualys updates a module from the backend, which can disrupt our work. For example, they recently updated the "Asset View" module and converted it to "Cybersecurity Asset Management." Customers weren’t aware of this change beforehand.

In situations like this, they need to ensure that they provide proper information, SOPs, or documents so we can share them with customers. Customers also have access to the tool, so they can use the SOPs to learn how the updates work. This would improve productivity because we wouldn't need to spend extra time learning how to use the updated tool.

I have been using it for around four years. 

It’s very stable. Qualys provides advisories faster than other tools when it comes to exploitable vulnerabilities. This helps ensure we can secure the environment promptly.

But, last year we did encounter an issue with the Qualys Gateway Console, where the gateway went down and it took around six hours to set up a new one. After that, we implemented two gateways to ensure we could switch to a secondary one if the primary failed.

Around 300 users work with Qualys, with different permission levels—leaders, managers, and regular users. We have over 50,000 hardware devices in total.

We have a dedicated person for support. She’s always available to help, or if she's on leave, she ensures someone else is aligned to handle our cases, so we don’t breach any timelines. I'd give the support a high rating.

Positive

In other tools, like Rapid7 and InsightVM, everything is done within a single module. In Qualys, we have separated modules with distinct functionalities. You can choose to purchase only the modules and licenses you need, which makes it cost-effective. You don’t have to pay for features you're not using, unlike other tools where everything is bundled.

It's not an issue with Qualys itself. We encountered some problems when migrating from physical scanners to virtual ones, but that was more on our network team’s side. Qualys provided excellent support in that scenario, which helped us identify and resolve the issue on time, and we provided the solution to our customer.

I work with the on-premises version. We updated from physical scanners to virtual scanners.

In my previous organization, I worked on deploying the solution. There, I customized the Windows OS image so that when you install the image on any machine, it prompts for a key that’s already embedded. Once the steps are completed, it automatically installs the Cloud Agent module on every machine. The agent syncs data every four hours, providing vulnerability data and security insights for each machine.

It’s not a one-person task. We had to coordinate with several teams, such as the network and system teams, for deployment. In total, we worked with about six teams during the process.

For about 1,400 machines, it took around three months to complete the deployment and resolve any issues. For example, sometimes policies weren't pushed properly from Ivanti or other tools, or users didn’t turn on their machines, which stopped Qualys services. We had to address these issues for each user, so it took some time. But we completed the deployment in about three months.

Maintenance isn't difficult, especially when working with the Cloud Agent. You just need to set up rules, like purging machines that haven’t connected to the network in three months. You write policies to manage this, which simplifies the decommissioning process and other tasks.

Qualys provides good value for the investment. Before using Qualys, we weren’t clear on how many assets needed purging or how many open vulnerabilities we had. Qualys gave us a clearer picture, so from a cost perspective, it’s been valuable.

I would recommend it. For enterprises, I’d suggest understanding how the tool works and which modules meet your needs. It’s important to coordinate with the customer team or Qualys technical team to figure out how many licenses you need and which modules will benefit your organization. Proper calculation and understanding are key before purchasing.

Overall, I would rate it a nine out of ten. 

It's primarily for vulnerability management. We use VMDR to deploy the cloud agents and scanners in our environment to cover everything holistically. We also use it for service integration so that vulnerabilities can be tracked through there. So, it's more or less vulnerability management.

We need to scan different kinds of assets. It could be our desktops, laptops, servers, and network devices. VMDR enables us with the sort of licensing where we can either deploy agents or scanners or both. So wherever we can deploy agents, we are deploying agents for scanning, for instance, on our workstations and servers. 

And then for network devices, we use just the scanner capabilities of Qualys. So that's why we use this VMDR solution across different sorts of assets in a wide environment.

When we use Qualys VMDR's agents, they usually scan or probably reconvene the vulnerabilities within four hours. So, anything that jumps its way immediately alerts us within a few minutes that something is wrong, and we can check on those terms. 

Other than that, I think it does have a module that can help us prioritize vulnerabilities, not only with vulnerabilities that have been attacked in the wild but also if any vulnerabilities have an exploit available. So those sorts of insights do provide us. It should really help us to prioritize vulnerabilities based on the threats that are out there.

It improved the visibility of the organization. It enables us to, first of all, identify all the assets and then scan them for the vulnerabilities. And then it also helps us to prioritize which vulnerabilities we have to fix first, and we can map out strategies. So, it is what it is meant for, and it is doing really, really good in that sense.

First of all, the licensing products itself is a great tool for VM because it's easy to use, and its reporting is excellent. It gives you a lot of ability and tweaking options to get what you want out of the reports. It gives you a lot of options, and it integrates with our ServiceNow for ticketing and all. So that is also a great feature. Then, the licensing that comes with VMDR enables us to scan different devices without getting any sort of extra license. So, it covers everything under one bundle.

It's the capability of scanning that has proven to be most effective in the risk management aspect. The less number of false positives and the authenticated basic scans are more concrete. So,  the reliable reports and the efficiency of scans are something that we appreciate with all of this.

So, it does reduce those false positives and gives us a more concrete report.

From the application security perspective, Qualys has a way to go. We probably use it for infrastructure scanning, but I feel that Qualys can do better in application scanning as well.

Infrastructure scanning is fine. It's doing good with that. However, there is room for improvement in application scanning.

I have been using it since the beginning, even before VMDR. I used Qualys for scanning. I've been continuously using Qualys for at least a decade. So it's almost ten years I've been working with Qualys.

I would rate the stability a nine out of ten. It has been stable for me. I didn't face any challenges. It worked fine for me.

I would rate the scalability a nine out of ten.

This is probably where Qualys can improve themselves a little bit and help us get a little bit quicker responses. So, that's where I think they can definitely spend some time.

Knowledge-sie the customer service and support are fine, I want them to improve the response time.

Neutral

I have used tools like Rapid7, Nessus. But overall, I feel that Qualys has better capabilities in terms of scanning and then in terms of reporting as well. 

So I can compare it with Rapid7 and Tenable Nessus, and Qualys is definitely way ahead from its competitors in that sense.

The initial setup is straightforward. It's nothing complicated. I think we just need to deploy agents and enable our scanner for the connectivity, and then it's all good.

It is in an hybrid environment. 

The deployment time depends upon the size of the infrastructure. It usually doesn't take much time. You just need to deploy the scanners and agents, which is also usually automated. I don't see it as very time-consuming. So, if I have to rate between one to ten, then I would rate around seven to eight, somewhere down to cover that.

It does require maintenance because it keeps updating its agent version as well, but I see that this is also automated. And then, if we have deployed this on hardware as well, like Windows and all, those also need to be updated online. But, the maintenance is required for sure.

From the security side, we have seven to eight people who are managing Qualys. But then we have people from IT as well who are supposed to see the vulnerabilities and remediate those. So such roles, we also have in Qualys that need the access and also on the vulnerabilities.

I can see the time-to-value benefits of Qualys. It's more of a time and resource. Security is always an expense. We don't get active revenue out of it, so it's more of an expense. 

So returns in terms of risk reduction. It helps us to identify those potential vulnerabilities on time and help facilitate those. So in those terms, it's a return on investment.

It saved us 20% of time because it is easy to use, and since it is integrated, we don't have to touch anything much. 

The pricing is a little expensive on that sense, but it also delivers the value. So, if anybody has the budget for Qualys, then, they should go with Qualys for sure.

I would recommend Qualys VMDR to other users because it is efficient and reliable, and it does what it's supposed to.

Overall, I would rate it an eight out of ten. 

Our primary use case of the product is comprehensive vulnerability management and asset inventory across a hybrid environment consisting of both cloud and on-premises deployments. We manage approximately 45,000 endpoints spread across multiple geographical locations.

The platform's most valuable features include its robust vulnerability detection capabilities and automated remediation workflows. These features not only help us identify vulnerabilities promptly but also enable us to prioritize and remediate them efficiently.

While Qualys VMDR is comprehensive, improvements in asset management functionality would be beneficial. Additionally, reducing dependency on multiple agents for data collection across different endpoints could simplify management and resource utilization.

In the next release, enhancements in reporting and analytics would be appreciated. Advanced analytics capabilities for trend analysis and predictive insights could further empower proactive decision-making in cybersecurity management.

I have been using Qualys VMDR for approximately two years now.

The product is stable. I rate the stability a seven. 

I rate the product scalability an eight. 

The technical support services are good. 

Positive

The initial setup was relatively straightforward. They provided comprehensive documentation and support during deployment, which helped streamline the process. 

I would rate the process a seven or eight. 

We implemented the product with the help of in-house resources and support from Qualys.

We evaluated other options such as Tenable and Rapid7.

I rate Qualys VMDR a nine out of ten. 

In our DLP operations, we use the tool to address stability issues and implement fixes suggested by it. This helps manage risk levels and decide whether to fix issues or implement workarounds.

I like that we have many scanners and channels that don't overload. It helps us scan and track easily. Also, the tagging system is good for tagging. We can still use QualysAgent task ID tools even if tags aren't made.

The asset inventory management feature has improved our security posture, which is good. It was introduced recently, and we've just started using it. In terms of management, I believe it's better than what we were using before.

Qualys VMDR is good at handling vulnerability management trends, especially with its policy module. Qualys VMDR offers customizable labels that fit the organization's needs, unlike other tools. This is important for enhancing security and meeting compliance requirements.

There's a need to upgrade or fix the potential vulnerability rate. Around 20,000 potential vulnerabilities were showing in Qualys VMDR, but none of the other tools showed them. When we checked, it wasn't the case. Support explained that even small issues were being counted as vulnerabilities, causing issues in our audit. So, the security features could be improved to identify vulnerabilities accurately.

I have been working with the product for two years. 

The stability is generally good, but we did face issues during the pandemic due to connectivity problems with Qualys VMDR servers. There were syncing issues, and agents weren't getting updated. However, we later realized it was our issue because our software needed updating. We had to manually update the proxy settings, which Qualys VMDR should have done. We managed to tackle the challenge with the help of another team.

Support should be faster and more customer-friendly. We often have to review a lot of documentation for issues we're already aware of and follow basic steps repeatedly. Additionally, we must wait for Qualys VMDR personnel to move scans into debug mode, which can be time-consuming. Getting notifications or updates on these processes more quickly would be helpful.

Setting up the tool doesn't take long and doesn't require many people.

We have an annual contract for Qualys VMDR. I believe it's for either two years or five years.

I haven't personally done any integration, so I can't comment on it. However, I believe some integration was happening between Qualys VMDR and ServiceNow. Our asset management tool was also trying to integrate with Qualys VMDR, but I'm unsure about the details or how it works. I rate the overall product an eight out of ten.