Qualys hit with ransomware: Customer invoices leaked on extortionists' Tor blog

Having had to use Qualys vuln scanning in 2018-2019, I can firmly say I do not like it at all. I can't comment on its ability to report vulns, but administering it is not fun.

There seems to be a built-in assumption that networks are static and hosts don't come and go, like they do in reality. You can't throw a subnet at it and have it figure out what’s there and what vulns might be present; no, you have to map the network and then assign hosts to consume a licence. Decommissioned a device? You must manually remove the licence from it; it won't get aged out.

This breach doesn't change anything for me.

