Qualys is a vulnerability scanner that JHA uses. There are both internal and external scanning boxes. Scans run against public addresses are sourced from the 64.39.96.0/20 network.

Each scan has two phases. The first is a discovery phase, in which the system probes to see what is there; this includes a handful of known ports on TCP and UDP as well as ICMP attempts. Once it has determined which hosts are live, the second phase begins: the scanning appliance tries to learn as much about each host as it can, then attempts to enumerate any vulnerabilities that may be present based on the scan results.

Reports from these scans can be made available by submitting a case to Corp with whatever email distribution list you have in mind. There’s also a weekly report generated for scans run against our internal IPs.
Source: 64.39.96.0/20
| Range | Day Scanned | Start Time | Average Run Time |
|---|---|---|---|
| 74.200.44.0/24 | Tuesdays | 9pm | 120 minutes |
Information provided by Matt Stephens in Corp Security Services
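
Because this page fixes both the scanner source range and the scan schedule, perimeter log entries can be triaged against them. The following is an added example, not part of the original note: the log line format, the `GRACE` overrun allowance and all function names are assumptions, and the sample lines are constructed. Timestamps are assumed to be in the same local time zone as the schedule, since the page does not state one.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

QUALYS_SOURCE = ip_network("64.39.96.0/20")  # scanner source range from this page
# (target range, weekday with Monday=0, start hour, average run time in minutes)
SCHEDULE = [(ip_network("74.200.44.0/24"), 1, 21, 120)]  # Tuesdays, 9pm, 120 minutes
GRACE = timedelta(minutes=60)  # assumption: 120 minutes is an average, so allow overrun

# Constructed sample lines in a hypothetical firewall log format
SAMPLE_LOG = [
    "2024-03-05T21:14:02 src=64.39.96.15 dst=74.200.44.10 proto=tcp dport=443",
    "2024-03-05T23:40:10 src=64.39.111.200 dst=74.200.44.77 proto=icmp",
    "2024-03-07T03:02:45 src=64.39.96.15 dst=74.200.44.10 proto=udp dport=161",
    "2024-03-05T21:20:31 src=203.0.113.7 dst=74.200.44.10 proto=tcp dport=22",
]


def parse(line):
    """Split '<ISO time> key=value ...' into (timestamp, src, dst)."""
    stamp, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(stamp), kv["src"], kv["dst"]


def classify(ts, src, dst):
    """Return 'not-qualys', 'expected-scan' or 'off-schedule' for one entry."""
    if ip_address(src) not in QUALYS_SOURCE:
        return "not-qualys"
    for target, weekday, hour, minutes in SCHEDULE:
        if ip_address(dst) not in target:
            continue
        # Most recent scheduled start at or before ts (covers runs past midnight)
        start = ts.replace(hour=hour, minute=0, second=0, microsecond=0)
        start -= timedelta(days=(ts.weekday() - weekday) % 7)
        if start > ts:
            start -= timedelta(days=7)
        if ts <= start + timedelta(minutes=minutes) + GRACE:
            return "expected-scan"
    return "off-schedule"


def triage(lines):
    """Classify every log line, preserving order."""
    return [classify(*parse(line)) for line in lines]


if __name__ == "__main__":
    for line, verdict in zip(SAMPLE_LOG, triage(SAMPLE_LOG)):
        print(f"{verdict:14} {line}")
```

An `off-schedule` verdict means traffic from the Qualys range outside the listed window or toward a range not in the table, so it should be confirmed with Corp rather than assumed to be a scan.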