TruRisk Score in CSAM

TruRisk Score is categorized as Low, Medium, High, or Severe based on a calculated score from 0 to 1000.

The Inventory > Assets tab gives you asset information with the TruRisk score assigned to the asset. 

TruRisk Score

In addition to the vulnerabilities detected, CSAM extends TruRisk with further detections, including end-of-life and end-of-support (EoS) software, unauthorized software, unauthorized ports, and missing required software.

Important to Know!

- CSAM Trial or Paid User, and VMDR enabled: Vulnerabilities detected by VMDR, along with the CSAM TruRisk calculating factors, count as risk contributors and generate the TruRisk Score.

- CSAM Trial or Paid User, and VMDR not enabled: Only the CSAM TruRisk calculating factors count as risk contributors, so the TruRisk Score is generated from the CSAM risk contributing factors alone.

- Each vector has a Qualys Detection Score (QDS), following the established 1-100 range. Then, all the CSAM detections are combined into TruRisk.

- The end-of-support detection score is calculated automatically by correlating vulnerabilities to software and incorporating how long the software has been unsupported.

- You can define which ports and software are unauthorized, and their severity.

- You can create port rules from the newly added Port Rules tab to add unauthorized and authorized ports to the rule. The QDS scores are then associated with the unauthorized ports.

For more information, see TruRisk Score in the "Security Section Details" section. For more about the TruRisk Score calculation, see TruRisk Score Calculation.

 
