Rulesets in VMDR

In Qualys Vulnerability Management, Detection and Response (VMDR) application, along with resources that might fail certain critical evaluations, you can also get alerts for agent scan. In VMDR, alerts are triggered from the Rule Manager under the Responses tab. You can create or configure rules on a single page using the Alerting Qualys Query Language (QQL) tokens.

The following Frequently Asked Questions (FAQs) will help you understand configuring alerts in VMDR Rule Manager:

How do I enter a query in the VMDR Responses tab?How do I enter a query in the VMDR Responses tab?

Go to Rule Manager and click New Rule. In the New Rule window provide the rule information.

I don't know about Vulnerability or Asset Queries. Is there any reference?I don't know about Vulnerability or Asset Queries. Is there any reference?

Even though you are not acquainted with the queries, a Syntax Help is displayed on the user-interface as soon as you enter a letter. You get a list of QQL as soon as you enter few letters in the text field.

For example, if you want to know the vulnerabilities on port 443, the query is:

vulnerabilities.port:443

The following screenshot is an example of the vulnerability query:

Does VMDR Response allow to test my query before I save the query?Does VMDR Response allow to test my query before I save the query?

Yes. The Test Query button facilitates to test your query. After you enter a Vulnerability or Asset QQL, click the Test Query button. A successful query generates an output. The following screenshot displays the Test Query and the result it generated:

Which actions can be performed in VMDR alerts?Which actions can be performed in VMDR alerts?

You can send alerts via Email, Slack, and PageDuty from the Actions tab. Refer the following screenshot that represents Action button and Select Action drop-down menu:

Refer to VMDR Online Help if you want to implement CM alerts in VMDR.