Knowledge Base

1-Purchase and Account Activation:
After purchasing a new license at https://store.hackerguardian.com, you will receive an account activation email like the one below. If you do not receive this email, please check your spam folder before contacting support. Clicking on the link will activate your account and provide you with the credentials for the portal. Note that the credentials for store.hackerguardian.com and the HackerGuardian portal are different, and the store credentials should be used when logging into https://store.hackerguardian.com for renewals and upgrades only.



2-Account activation:
The customer should receive an activation email once the request is completed from the HackerGuradian, or the Sectigo retail store. The activation email is simply a password reset email. If the account is active, the customer will be able to access the PCI forgot password link below, provide the username, and click on Submit.

https://pci.qualys.com/merchant/forgot_pw.php




3-After successful login to the portal.
Portal Login Please bookmark https://pci.qualys.com/merchant/, which is the login for the new portal.



4-Use the step-by-step user guide below:
https://www.hackerguardian.com/uploads/resources/HackerGuardian_userGuide.pdf
 

1. Adding IP addresses.
2. Deleting IP addresses.
3. Adding domains.
4. Deleting domains.
5. Starting scan.
6. Viewing reports.
7. Reporting False Positive.
8. Generate Attestation of Scan Compliance, detailed report, and Executive Summary.
9. Create a Scan Schedule.

5-Frequent issues:

1-I cannot log in:
-Please check your license, if it is expired, you will not be able to log in.
Follow the renewal procedure.

2-False positive issues:
It's the customer's responsibility to submit a false positive through the portal, not through a case.
(Refer to the user guide).

4- Scan Interference.
-Make sure scan is not blocked, from customer’s IPS/IDS, or Firewall.
-Our scanner IP range to whitelist:

CIDR: 64.39.96.0/20 (64.39.96.1 to 64.39.111.254),
CIDR: 139.87.112.0/23 (139.87.112.1 to 139.87.113.254)
-Customer can submit false positive, if the scanner is not blocked, and provide their evidence for review.

5-Report issues:
-Customer must resolve any fail issues, to receive a compliance report.
-Once the report is pass, then they can generate a compliance report under the compliance menu.
-Please refer to the user guide on how to generate a compliance report.
-Customer might receive a “Fail” report, if the scan is not current (Best practice for current host, is max. 30 days).
-Scan report will list all the vulnerabilities, and how to fix them.
-Executive report is the attestation of compliance report, that customer will provide it to their acquirer.

6-SAQ forms:
-We no longer have the wizard on the PCI portal to submit the SAQ forms
-SAQ is a self assessment questioner, that customer needs to download and send it along with their report to the bank acquirer, please refer to the links below.
Understanding SAQ:
https://www.pcisecuritystandards.org/documents/Understanding_SAQs_PCI_DSS_v3.pdf
Downloading SAQ forms:
https://www.pcisecuritystandards.org/document_library?category=saqs

8-Different HG licenses:
Compare license at https://www.hackerguardian.com/

9-FAQ.
https://www.hackerguardian.com/frequently-asked-questions

10-PCI Compliance PDF.
https://www.hackerguardian.com/uploads/audio/PCI-Compliance-Doc.pdf

11- No Host alive:

The "No Host Alive" message displayed on the screen means during the Discovery phase of the scan, Qualys did not detect a live system at the IP Address.

The Discovery phase tests 30 common ports to see if a response is received, thus validating that the system is alive. After which, Qualys then moves onto the scanning phase.

If we don’t receive a response on those 30 common ports, Qualys list the system as Not Alive.

Here are the ports we check during our initial discovery phase:
PCI Scan - Host Discovery
TCP:   21-23, 25, 53, 80, 88, 110-111, 135, 139, 443, 445
UDP:   53, 111, 135, 137, 161, 500
ICMP:   On

Solution:
Follow one of the following steps to resolve the problem:

• White list the Qualys scanner IP’s 64.39.96.0/20 (64.39.96.1-64.39.111.254), and 139.87.112.0/23 (139.87.112.1 to 139.87.113.254) on firewall and re-run the scan.
• Enable ICMP to the system, this will allow the system to be discovered alive.
• We will have to enable “Scan dead hosts” on the account”, but that increases scan duration.

12- Scan Duration:
We can't define scanning duration as it depends on multiple things like bandwidth, Host, Services. You can check the bandwidth setting and change the bandwidth setting as per your requirement. Below are some of the reasons why the scan time increases.
 
A few of the factors on which the scan time for the host depends are listed below:
 
1. Network bandwidth
2. Response from the server
3. Number of ports open and the services running on them
4. Also, if the service gets detected as unknown, the time taken to complete the scan increases as we try to detect the accurate service using different fingerprinting techniques.
Using Qualys PCI Compliance, you can scan your network in segments and remediate/re-scan for vulnerabilities on target IPs. Segmented scanning allows you to scan hosts that you have remediated without having to scan your entire network.
 
Overall Status:

The overall compliance status indicates whether the network is compliant with the PCI Data Security Standard. The network consists of all the IPs in your account.
 means that the network is Compliant. No vulnerabilities, which must be fixed to pass PCI compliance, were found on the network. When the overall compliance status is Compliant, click the Generate button to create your network reports for certification.
 means that the network is Not Compliant. One or more vulnerabilities, which must be fixed to pass PCI compliance, were found on the network.

Generate Reports

Click the Generate button to generate PCI network reports based on the current vulnerability data for your network. See Generate Network Reports for instructions on using the workflow to generate, save, and send network reports to your Approved Scanning Vendor for review and approval. Once approved by the ASV, you can submit PCI certified reports directly to your acquiring banks.
Note that we will show a warning message on the Report Generate page when you generate a PCI report that is Not PCI-compliant. The message will inform that you are about to generate a report for PCI scan that has hosts with vulnerabilities. We recommend you to either mark the vulnerabilities as False Positives or remediate them, then re-scan the hosts. Click Next to generate the report.

Hosts

This section provides information about the hosts in your account.
In Account: The total number of hosts in your account.
Not Live: The total number of hosts in your account that were not found to be alive during scan processing. These IPs were specified as target IPs for scans that were launched in your account. The service was not able to find the host during host discovery, the first phase of the scan. Check to be sure that your hosts are properly connected to your network and have Internet access. Hosts that are not live will not cause you to fail PCI compliance. Note, however, these hosts will be identified in the PCI network reports that you submit to your acquiring banks to demonstrate compliance, because the PCI compliance service could not determine whether these hosts passed PCI compliance requirements.
 Compliant: The total number of hosts in your account that are Compliant with PCI security standards.
 Not Compliant: The total number of hosts in your account that are Not Compliant with PCI security standards.
 Not Current: The total number of hosts in your account that are Not Current. A host in your account is considered Not Current if it was scanned more than 30 days ago or has never been scanned. The PCI compliance service defines the best practice scanning period to be 30 days prior to today. For a host to receive Compliant status, you must scan the host during the best practice scanning period and there must be no PCI vulnerabilities found for that scan.

Vulnerabilities and Potential Vulnerabilities

 PCI severity level (High, Medium and Low). These include vulnerabilities that failed PCI compliance and must be fixed, as well as vulnerabilities that we recommend that you fix. All vulnerabilities and potential vulnerabilities with a PCI status of FAIL must be fixed to pass the PCI compliance requirements

This section displays the total number of current vulnerabilities and potential vulnerabilities at each

Compliance Status for Each Host

This section shows the compliance status for each host in your account based on the most recent network scans. A check mark () indicates that the host is Compliant. No vulnerabilities, which must be fixed to pass PCI compliance, were found on the host. A dash () indicates that the host is Not Compliant; one or more vulnerabilities, which must be fixed to pass PCI compliance, were found on the host.
What are the vulnerability counts? The total number of current vulnerabilities and potential vulnerabilities that have been detected on the host. These include vulnerabilities that failed PCI compliance and must be fixed, as well as vulnerabilities that we recommend that you fix.

Host Status

All live hosts are displayed in the Host Status list by default. You may change the types of hosts displayed using the buttons: All Live DNS, Hosts not Live and Hosts not Current.
When all live hosts or all live DNS are displayed, an actions bar appears above the list enabling you to perform actions on one or more hosts in the list, such as Scan to start a network scan on the selected host, View Vulnerabilities to view the current vulnerabilities for the host and Download Report to download the current vulnerabilities for the host in PDF format.

Please contact support for further assistant,

HackerGuardian Support

Monday to Friday, 4am–8pm ET
USA: +1 (888) 256-2608
International: +1 (209) SECTIGO (732-8446)
https://sectigo.com/support-ticket